The issue is not a serious problem and does not allow for remote code execution, but McAfee does consider it a security problem and has notified Adobe. It affects every version of Adobe Reader, including the latest version, 11.0.2.
"We have detected some PDF samples in the wild that are exploiting this issue. Our investigation shows that the samples were made and delivered by an ‘email tracking service' provider. We don't know whether the issue has been abused for illegal or APT attacks," wrote McAfee's Haifei Li.
McAfee declined to reveal the details of the vulnerability as Adobe is yet to release a patch for it. The vendor said that it has already detected a number of groups and people exploiting it, potentially for malicious purposes.
About the author