The SANS Internet Storm Center has reported a cross-site scripting flaw in Adobe’s PDF Reader software.
The flaw has also been reported by Symantec and various independent security researchers, and allows an attacker to run arbitrary code on a user’s machine by getting them to open a link to a website via an e-mail.
Adobe has so far not commented on the reported flaw.
The SANS report on the problem can be read here:
Comment on this article: email@example.com