Adobe has rolled out patches for Adobe Reader 7.0 and 7.0.1, and Adobe Acrobat 7.0 and 7.0.1 in response to security vulnerabilities found in these products. Specifically, there is a security flaw present which is known as the XML External Entity vulnerability. This vulnerability can allow XML scripts to be used to compromise system security. Adobe is recommending that all users upgrade to 7.02.
According to Adobe officials, the vulnerability is within the Adobe Reader control. If an XML script is embedded in JavaScript, it is possible to discover the existence of local files, according to a security advisory from the company. An attacker could then maliciously use the gathered information. But the statement pointed out that the local files can be found only if the attacker knows the complete file names and paths in advance of such an attack.