Security specialist David Kierznowski published an article revealing two possible backdoor techniques for fully patched versions of Adobe Acrobat Reader and Professional. It includes everything a wannabe hacker needs to know to exploit your computer: proof of concept code and backdoored PDF documents.
Quote:
The first attack is simple and affects both Adobe Reader and Adobe Professional. It involves adding a malicious link into the PDF document. Once the document is opened, the user's browser is automatically launched and the link is accessed. At this point it is obvious that any malicious code can be launched. It is interesting to note that both Adobe 6 & 7 did not warn me before launching these URLs.
The second attack involves utilising Adobe's ADBC (Adobe Database Connectivity) and Web Services support.
At least as a temporary solution, you may want to switch to one of the alternative PDF readers out there, which are, from what I've heard, not exploitable this way.
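For PDFs that have already arrived, the open-time behaviour described in the quote can be looked for statically. The sketch below is an added example, not code from Kierznowski's article or from this post; it assumes the link is wired through the standard PDF open hooks (`/OpenAction`, `/AA`) and URL-capable action types, which the page does not specify, and its sample inputs are constructed fragments.

```python
import re
import zlib

# Names that fire without a click, and action types that can reach a URL.
TRIGGERS = (b"/OpenAction", b"/AA")
ACTIONS = (b"/URI", b"/JavaScript", b"/JS", b"/Launch", b"/SubmitForm")

def _decode_names(blob: bytes) -> bytes:
    # PDF names may hex-escape characters: /Open#41ction is /OpenAction.
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), blob)

def _inflated_streams(data: bytes):
    # Dictionaries can sit inside Flate-compressed object streams.
    for m in re.finditer(rb"stream\r?\n(.*?)endstream", data, re.S):
        try:
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate data (image, other filter, encrypted)

def scan_pdf(data: bytes) -> dict:
    """Heuristic triage: does this PDF pair an open hook with an action?"""
    text = b"\n".join(_decode_names(b) for b in (data, *_inflated_streams(data)))

    def found(names):
        return sorted(n.decode() for n in names
                      if re.search(re.escape(n) + rb"(?![A-Za-z0-9])", text))

    triggers, actions = found(TRIGGERS), found(ACTIONS)
    urls = [u.decode("latin-1") for u in re.findall(rb"/URI\s*\(([^)]*)\)", text)]
    return {"triggers": triggers, "actions": actions, "urls": urls,
            "auto_action": bool(triggers and actions)}

# Constructed samples: fragments for the scanner, not complete PDF files.
CLICK_ONLY = (b"1 0 obj << /Type /Annot /Subtype /Link "
              b"/A << /S /URI /URI (https://example.invalid/doc) >> >> endobj")
ON_OPEN = (b"1 0 obj << /Type /Catalog /Open#41ction 2 0 R >> endobj\n"
           b"2 0 obj << /Filter /FlateDecode >>\nstream\n"
           + zlib.compress(b"<< /S /URI /URI (http://example.invalid/x) >>")
           + b"\nendstream endobj")

if __name__ == "__main__":
    for name, sample in (("click-only", CLICK_ONLY), ("on-open", ON_OPEN)):
        print(name, scan_pdf(sample))
```

A hit means the file deserves a closer look, not that it is malicious. The scan does not follow object references, and streams using other filters or encryption are skipped.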
Related: Adobe Acrobat subject to remote exploit
[via Full Disclosure Mailing List]