Petko Petkov, a security expert who has previously discovered bugs in the Second Life client, the Firebug JavaScript debugger, Microsoft's Windows Media Player, and most recently Firefox's QuickTime plug-in, is now claiming to have found a serious flaw in Adobe's PDF format, according to a recent post in his blog:
"Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page which embeds one."
Petkov has confirmed the issue on Windows XP SP2 with the latest Adobe Reader 8.1, 8.0 and 7 and says other versions - as well as other PDF viewers - may be affected. Vista users, however, are not vulnerable to the flaw.
Petkov says he has informed Adobe and will not release the code demonstrating the attack works until Adobe provides a patch, "You have to take my word for it," he said. Given Petkov's proven track record identifying several vulnerabilities in the past, it wouldn't hurt to use some extra caution when opening PDF files from unknown sources.