Security firm iDefense warns that a flaw in Adobe Systems’ Reader 6.x and Acrobat Reader 5.x could be exploited via a malicious Web site to execute arbitrary code. According to iDefense’s advisory, the vulnerability is caused by a boundary error in the ‘pdf.ocx’ ActiveX component supplied with Adobe Acrobat Reader.
‘This can be exploited via a malicious Web site using a specially crafted URL to potentially execute arbitrary code,’ iDefense said. Other versions may also be affected. As a workaround, iDefense recommends users change Adobe Acrobat/Acrobat Reader settings to prevent PDFs from automatically opening when accessed by a Web browser.
‘When prompted, first save the file to disk before opening, thereby closing the exploitation vector described,’ the advisory said.