On Tuesday, July 21, 2009, symantec became Aware of a Previously Un-Known Vulnerability Affecting Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10. Attackers can Exploit the Issue to Execute Arbitrary Code by enticing a Vulnerable User into visiting a Malicious Web Site or Opening a Malicious File. This Issue is being Exploited In-The-Wild in Limited Attacks.

On July 21, 2009, Adobe acknowledged the Vulnerability in the following Post: http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html.

Users are Advised to:

- Avoid following Web Links that Originate from Un-Known or Un-Trusted Sources.

- Avoid Processing Files that Originate from Un-Known or Un-Trusted Sources.

- Implement multiple redundant layers of security such as Non-Executable Stack/Heap Configurations and Randomly-Mapped Memory Segments.

- Deploy Intrusion Detection to Monitor Network Traffic for Malicious Activity.

- Run all Software as a Non-Privileged User with Minimal Access Rights.

For more information, see the following Vulnerability Alert:

Adobe Acrobat, Reader and Flash Player Un-Specified Vulnerability: http://www.securityfocus.com/bid/35759.