Adobe is reporting yet another “potential vulnerability” affecting Adobe Reader and Acrobat 9.1.2 and Flash Player 9 and 10 and is “investigating this potential issue.” (their blog post here.)
Malicious Flash files can be embedded in PDF documents which can be executed by vulnerable copies of Adobe Reader. Exploits also can be executed by the Flash player directly. A small number of exploits has been reported in the wild. A fix is expected by the end of July.
US-CERT has posted workarounds:
Disable Flash in Adobe Reader 9 on Windows platforms by renaming the following files: “%ProgramFiles%AdobeReader 9.0Readerauthplay.dll” and “%ProgramFiles%AdobeReader 9.0Readerrt3d.dll”.
Disable Flash Player or selectively enable Flash content. CERT offers a document on securing your web browser here.
Tom Kelchner