A vulnerability has been reported in Adobe Reader. It is caused due to an unspecified error when processing pdf files.

Related Software Versions
Adobe Reader 7.0.8 and earlier versions
Adobe Acrobat Standard, Professional and Elements 7.0.8 and earlier versions
Adobe Acrobat 3D

Description

A cross-site scripting (XSS) vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat could allow remote attackers to inject arbitrary JavaScript into a browser session.The vulnerability could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. These vulnerabilities have been assigned a critical severity rating. A malicious file must be loaded in Adobe Reader by the end user for an attacker to exploit these vulnerabilities.

Workaround Available [via Adobe Security Advisories]

Adobe Reader on Windows
Adobe strongly recommends upgrading to Adobe Reader 8, available from the following site:
http://www.adobe.com/go/getreader.

Users with Adobe Reader 7.0 through 7.0.8, who cannot upgrade to Reader 8, should upgrade to Reader 7.0.9. Adobe Reader 7.0.9 is available as a full installation package and not a patch. It can be installed on top of any older version of Reader 7 and user preferences will be preserved:
http://www.adobe.com/go/getreader.

If customers are using Adobe Reader 6.0–6.0.5 and are unable to upgrade to version 8 or 7.0.9 due to Operating System constraints for example, Adobe recommends upgrading to version 6.0.6 either via a series of patches from: http://www.adobe.com/downloads or by using the auto-update mechanism within the product when prompted.

Adobe Reader on Mac OS
Adobe strongly recommends upgrading to Adobe Reader 8, available from the following site: http://www.adobe.com/go/getreader.

Users with Adobe Reader 7.0 through 7.0.8, who cannot upgrade to Reader 8, should upgrade to Reader 7.0.9. The Reader 7.0.9 update requires that Adobe Reader 7.0.8 is installed on your Mac system. To determine which version of Adobe Reader is installed, choose Adobe Reader > About Adobe Reader. The version number appears in the upper left corner below the Adobe Reader logo.

If version 7.0.8 is installed, download and install this incremental patch.
After downloading the update file, double-click it to begin the update process and access the file’s contents.

If version 7.0, 7.0.1, 7.0.2, 7.0.3, 7.0.5, 7.0.7 or an earlier version of Reader is installed and customers cannot update to Reader 8, Adobe recommends that customers download the full Adobe Reader 7.0.9 installer from the Reader download page.

Adobe Acrobat on Windows or Mac OS
For version 7.0–7.0.8, users should utilize the product’s automatic update facility. The default installation configuration runs automatic updates on a regular schedule, and can be manually activated by choosing Help > Check For Updates Now. Alternatively, the update files can also be manually downloaded and installed from www.adobe.com/downloads.

If customers are using Adobe Acrobat 6.0–6.0.5 for Windows and are unable to upgrade to version 8 or 7.0.9 due to Operating System constraints for example, Adobe recommends upgrading to Windows version 6.0.6 either via a series of patches from: http://www.adobe.com/downloads or by using the auto-update mechanism within the product when prompted.

Adobe Reader on UNIX
For version 7.0, users should upgrade to Adobe Reader 7.0.9 from http://www.adobe.com/go/getreader.

For versions prior to 7.0, users should upgrade to 7.0.9 http://www.adobe.com/go/getreader.

Server-side workarounds for website operators
Adobe has provided workarounds for website operators to prevent the cross-site scripting vulnerability (CVE-2007-0045) from the server side. Please review Security Advisory APSA07-02 for more information.

Related:
Vulnerability In MS Office
25th Birthday Of Virus
Hackers Attacked Gorbachev’s Website