The same hacker who discovered a recently patched QuickTime flaw affecting the Firefox browser says he has found an equally serious flaw in Adobe Systems Incorporated's PDF file format. Using Adobe Reader 8.1 on Windows XP, Petko Petkov confirmed that PDF documents can be used to compromise a Windows system. "All it takes is to open a PDF document or stumble across a page which embeds one." The security researcher noted other versions may be affected and said he would not release code that shows how this attack works until Adobe provided a patch for the problem. Typical exploits are version-specific but this one seems to be related to how the files are read. If Petkov's claims are correct, this flaw could be one of PDF's most serious to date.
News source: PC World