There is a major security hole is ALL Versions of Adobe Reader and Acrobat!
The fix is being worked on if you are using a 3rd party to read your PDF you ok. If you are using ADOBE products be very careful The patches will not be out till March 11. 2009
Here is the article directly form Adobe
Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat
Release date: February 19, 2009
Vulnerability identifier: APSA09-01
CVE number: CVE-2009-0658
Platform: All platforms
A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.
Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Adobe is planning to make updates for Adobe Reader 7 and 8, and Acrobat 7 and 8, available by March 18th. In the meantime, Adobe is in contact with anti-virus and security vendors, including McAfee, Symantec and others, on this issue in order to ensure the security of our mutual customers. More information on protection for this issue from anti-virus and security vendors is now available on the Adobe Product Security Incident Response Team blog.
- Launch Acrobat or Adobe Reader.
- Select Edit>Preferences
- Click OK
A security bulletin will be published on http://www.adobe.com/support/security as soon as product updates are available.
All documented security vulnerabilities and their solutions are distributed through the Adobe security notification service. You can sign up for the service at the following URL: http://www.adobe.com/cfusion/entitlement/index.cfm?e=szalert
Affected software versions
Adobe Reader 9 and earlier versions
Adobe Acrobat Standard, Pro, and Pro Extended 9 and earlier versions
Adobe categorizes this as a critical issue and recommends that users update their virus definitions and exercise caution when opening files from untrusted sources.
February 24, 2008 – Advisory updated
February 19, 2009 – Advisory first created