This eWeek article quotes security analyst Petko D. Petkov as saying Adobe Reader is subject to a zero-day security vulnerability through which an attacker can take over a Windows system. According to Petkov, 'All it takes is to open a [maliciously rigged] PDF document or stumble across a page which embeds one.' The issue has reportedly been verified on Windows XP Service Pack 2 with Adobe Reader 8.1, but previous versions of Adobe Reader may also be vulnerable. Considering the prevalence of PDF files and the fact that Adobe Reader is a closed-source product, Petkov says he will not release a proof of concept until the issue is patched.
Meanwhile, eWeek says Symantec has issued a warning to customers via its
DeepSight Alert Services. The warning talks of an "unspecified vulnerability
when handling malicious PDF files" that allows attackers to take over victims'
machines.
Two recommendations:
- Never download/save/execute/double-click files from unknown/unverified
sources, especially if they are executable or can execute code (scripts, macros).
- If you want a free, fast PDF reader for Windows with better rendering quality
than Foxit, use PDF-XChange Viewer.