Adobe has posted a security advisory for Adobe Reader, Acrobat and Flash Player. The company states that a critical vulnerability is present in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macs and UNIX operating systems and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x on the same operating systems.

The vulnerability (CVE-2009-1862) could cause a crash and allow an attacker to gain control of the compromised system. It is reportedly being exploited in targeted attacks against Adobe Reader v9 on Windows. Naturally, a fix is in the works and is expected to be delivered by the end of the week.

For the time being, users can mitigate the threat by deleting, renaming or removing access to authplay.dll. Doing so will cause your program to crash when attempting to view a PDF containing SWF content, however. Adobe is also recommending that users enable UAC and that they avoid untrusted websites using Flash.

For anyone who wants to use an alternative PDF reader, there is one called Foxit Reader. It's only about 7mb installed & not as bloated as Adobe, which makes a difference if you are low on disk space!

If you decide to try it, on installing it wants to install a Foxit toolbar as well as an eBay shortcut, but this can be unchecked as an option not to install them.

I have been using it a while now and haven't had a problem with reading any PDF files. Runs perfectly on my old Win98 machine (although it isn't supposed to support Win98), as it doesn't drain the resources like Adobe on less powerful machines.


PC Advisor - Foxit Reader