Adobe is suffering from a two-fer of security flaws at present, with researchers revealing an attack which utilises both Acrobat Reader and Flash Player to infect targeted PCs with a Trojan horse.
According to an article over on CNet, the vulnerability exists in Adobe Reader 9.1.2 and Adobe Flash Player 9 and 10 and has been around since at least December 2008 – although it’s only within the last two weeks that security researchers have evidence of it being exploited in the wild.
The attack relies on the target opening a specially crafted SWF file, either as part of a web page or an e-mail, or opening a PDF file containing an embedded SWF. Once opened, the flaw is triggered and ‘dropper’ code executed which installs the malware – in the case of the current exploit, a Trojan horse package.
You can read the full story here.