
According to Adobe, the vulnerability affects the ActiveX components for versions 7.0.0 through 7.0.8 of both its Reader and Acrobat applications.
The vulnerability can be exploited when a user views a specially-crafted web page with Internet Explorer. Once the exploit has been executed, an attacker would have the ability to remotely install and execute malware.
The vulnerability was originally reported by French security research firm FrSIRT. Both FrSIRT and Adobe rate the vulnerability as "critical" – the highest alert level for both organisations.
According to Adobe, the threat can be neutralised by deleting the AcroPDF.dll ActiveX file. This will disable the ability to view PDF files within Internet Explorer, however. Other browsers and non-Windows operating systems are not affected by the vulnerability.