New Acrobat 9.x/10x vulnerabilty
There’s a new security hole in Adobe Acrobat Reader and Adobe Acrobat, where the attacker can exploit a problem with the Flash plug-in inside a PDF file to install malware onto your computer. Such malware could introduce viruses that could damage files on your computer, as well as install software that could capture your various logins and passwords, banking information, key codes for games, and credit card numbers
The problem currently affects Windows PCs only, and an update will be released by Adobe by July 31st, 2009. In the meantime, it’s recommended that you delete a file on your system to remove Flash capability from Acrobat Reader/Acrobat:
Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat v9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF that contains SWF content. Depending on the product, the authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll or C:\Program Files\Adobe\Acrobat 9.0]\Acrobat\authplay.dll. Windows Vista users should consider enabling UAC (User Access Control) to mitigate the impact of a potential exploit. Flash Player users should exercise caution in browsing untrusted websites. Adobe is in contact with Antivirus and Security vendors regarding the issue and recommend users keep their anti-virus definitions up to date.