A critical security glitch in two widely used software products from Adobe Systems, Inc. could spell danger if you are a Windows user running Internet Explorer as your web browser. The two products affected, Adobe Acrobat and Adobe Acrobat Reader, are the default applications for displaying PDF files. The .pdf format is a common standard and many people have, at the very least, the free Acrobat Reader application on their PC.
How the Flaw Can Exploit Your PC
The bug, first reported to Adobe by FrSIRT, a French security service, is a serious one as it can potentially allow an attacker to remotely gain total control of your computer. The attacker could gain access to your PC once you view a specially crafted PDF file in Internet Explorer. You could be led to this file by a link embedded in a web page or email or via an attachment to a message, and as soon as the file is opened with your browser you become exposed.
What To Do Next
Adobe, who states that the bug only affects versions 7.0.0 through 7.0.8 of Acrobat Reader as well as the Standard and Professional editions of Acrobat, has provided an update to Adobe Reader to resolve the problem. If you are running any of these versions of Reader, it is recommended that you download and install this update right away.
However, no update has been provided yet for Adobe Acrobat users. It is recommended that you take action to protect yourself immediately rather than waiting for Adobe to release an update. To do this, you must first ensure that Acrobat is not running. If the application is open, then shut it down completely. Next, use Windows Search or Find feature to locate the following file on your hard drive: AcroPDF.dll. Once you find the file, delete it. If Windows cannot find the file anywhere on your hard drive, chances are you do not have Adobe Acrobat 7.0+ or Adobe Reader 7.0+ installed.
Deleting this file makes certain that any PDF files you launch will not be opened by Internet Explorer. This does not mean that you cannot view these files, as they will now open in your respective Adobe product instead of in your web browser.