Nearly a week after information on the problem was leaked on the Internet, Adobe Systems Inc. and CERT on Wednesday put out statements warning of a vulnerability in several software packages used to read Adobe PDF files on Unix machines.
The flaw allows a remote attacker to execute code on a vulnerable machine with the privileges of the local user. This is possible because the flawed readers spawn external programs to handle hyperlinks contained within PDF documents. In order to exploit the vulnerability, an attacker could embed a hyperlink within a malicious PDF.
A number of readers/viewers are vulnerable, including Adobe Reader and versions from Red Hat Inc., Sun Microsystems Inc. and The Debian Project. Adobe's newly released Reader 5.07 includes a patch that fixes this flaw. The vulnerability affects machines running Unix, AIX, Linux, Solaris or HP/UX; Windows and Macintosh machines are unaffected.
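One defensive way for a viewer to hand a document hyperlink to an external program, shown as an added example that is not code from Adobe or any of the affected readers. The scheme allowlist, the function names and the use of `true` as a stand-in handler are assumptions made for illustration; the article does not describe how the readers build the command.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed policy: only these schemes are ever passed to an external program. */
static const char *const ALLOWED[] = { "http://", "https://", "mailto:", NULL };

/* Returns 1 if the link starts with an allowed scheme and contains only
 * printable, non-space ASCII; returns 0 otherwise. */
int link_is_acceptable(const char *url)
{
    int scheme_ok = 0;
    for (size_t i = 0; ALLOWED[i] != NULL; i++)
        if (strncmp(url, ALLOWED[i], strlen(ALLOWED[i])) == 0)
            scheme_ok = 1;
    if (!scheme_ok)
        return 0;
    for (const unsigned char *p = (const unsigned char *)url; *p; p++)
        if (*p <= 0x20 || *p >= 0x7f)
            return 0;
    return 1;
}

/* Starts the handler with the link as a single argv element, so no shell
 * ever parses text taken from the document.
 * Returns the handler's exit status, or -1 if refused or not launched. */
int open_link(const char *handler, const char *url)
{
    if (!link_is_acceptable(url))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp(handler, handler, url, (char *)NULL);
        _exit(127);                     /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed link: ';' stays literal because no shell is involved. */
    printf("%d\n", open_link("true", "http://example.com/;false"));
    return 0;
}
```

With a shell-built command line the `;false` suffix would run as a second command and change the exit status; here the handler receives it as plain text.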