North Carolina State's Craig Newmark alerts us to a Computerworld article by Greg Keizer about a security flaw in PDF files.
A design flaw in Adobe's popular PDF format will quickly be exploited by hackers to install financial malware on users' computers, a security company argued today. The bug, which is not strictly a security vulnerability but actually part of the PDF specification, was first disclosed by Belgian researcher Didier Stevens last week. Stevens demonstrated how a multistage attack using the PDF specification's "/Launch" function could successfully exploit a fully-patched copy of Adobe Reader. Unlike other attacks based on rogue PDFs, Stevens' technique does not require an underlying vulnerability in Adobe's Reader or Acrobat, but instead relies on social engineering tactics to dupe users into opening a malicious PDF. In his demo, Stevens used a PDF document containing attack code that he was then able to execute using the /Launch function. Although Reader and Acrobat display a warning when an executable inside a PDF file is launched, Stevens found a way to partially modify the alert to further trick a potential victim into approving the action.
I don't have Acrobat on my home computer, so I can't help with that. According to the article, the fix in Reader is straightforward: go to Edit - Preferences - Trust Manager and uncheck "Allow opening of non-PDF file attachments with external applications".
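For mail or download triage, a file can also be checked for the /Launch name before anyone opens it. The script below is an added example, not code from the article or from Stevens; it looks for the name in the raw file and inside Flate-compressed streams, and decodes the '#xx' escapes that PDF names allow. The function names and the sample byte strings are made up for illustration, and encrypted PDFs or streams using other filters are not covered.

```python
import re
import sys
import zlib

# PDF names may hide characters as '#xx' hex escapes, e.g. /L#61unch == /Launch.
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A name token: '/' followed by anything except whitespace and delimiters.
NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)

def names_in(data: bytes) -> set:
    """Return every name token in data with '#xx' escapes decoded."""
    unescape = lambda m: bytes([int(m.group(1), 16)])
    return {HEX_ESCAPE.sub(unescape, tok) for tok in NAME.findall(data)}

def find_launch(pdf: bytes) -> list:
    """List where a /Launch name appears: in the raw file or an inflated stream."""
    hits = ["file body"] if b"/Launch" in names_in(pdf) else []
    for i, m in enumerate(STREAM.finditer(pdf)):
        try:
            # decompressobj tolerates the end-of-line bytes before 'endstream'
            inflated = zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate data (image, font, other filter): skip it
        if b"/Launch" in names_in(inflated):
            hits.append(f"stream {i}")
    return hits

# Constructed samples (fragments, not complete PDFs; no launch target given).
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Action /S /Launch >>\nendobj\n"
ESCAPED = b"%PDF-1.4\n1 0 obj\n<< /Type /Action /S /L#61unch >>\nendobj\n"
PACKED = (b"%PDF-1.5\n1 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(b"<< /Type /Action /S /Launch >>")
          + b"\nendstream\nendobj\n")

if __name__ == "__main__":
    if len(sys.argv) > 1:  # scan files named on the command line
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, find_launch(fh.read()) or "no /Launch found")
    else:
        for label, doc in [("clean", CLEAN), ("plain", PLAIN),
                           ("escaped", ESCAPED), ("packed", PACKED)]:
            print(label, find_launch(doc))
```

A hit only means the document declares a launch action; it is a reason to quarantine the file and look closer, not proof of malice.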