Last Wednesday, Adobe Systems acknowledged a vulnerability in both Adobe Reader and Acrobat that malware could exploit to disclose sensitive system information. Under certain circumstances, XML scripts can be used to discover whether particular local files exist on an end-user system.
The problem affects versions 7.0 through 7.0.1 and is located within the Adobe Reader control. According to Adobe’s Support Knowledgebase, the impact of the flaw is limited because attackers would need to know complete filenames and paths in advance in order to exploit the vulnerability.
The available patches can be downloaded from the Adobe web site.