The flaw in Adobe Reader - which also affects some versions of Adobe Acrobat - allows an attacker to completely control a system.
According to an article over on CNet, the exploit - which is being described as a 0-day attack targeting both the latest version of Adobe Reader as well as Adobe Acrobat 9.1.3 and earlier - is being actively used in the wild, and is capable of affecting systems based on any version of Windows from 98 up to Windows Server 2003 - with the exception of Windows Vista and the as-yet unreleased Windows 7.
The vulnerability, spotted by anti-virus firm Trend Micro, has been labeled Troj_Pidief.Uo
to drop a backdoor application dubbed Bkdr_Protux.bd" - giving the attacker full control over the system.
Although Adobe has written a patch which addresses the targeted issue, the company has stated it is holding back its release until tomorrow - to coincide with Microsoft's traditional Patch Tuesday monthly release cycle and give system administrators an easier time of things. However, this does leave systems vulnerable for an extra day.
the company admitted that its products were the victim of another 0-day vulnerability, which itself echoed an attack from February of last year, just one month after Adobe updated its Flash player package to protect against another