The out-of-cycle patch for Adobe Reader and Acrobat do not rectify the main problem that PDF readers are suffering from - the ability of a PDF to launch an executable on the guest computer.
This affects all platforms and all "full" PDF readers - although the PDF would need to be tailored and targeted for Windows, OS X, Linux etc.
Essentially the Adobe format allows a PDF to either call an executable locally stored on the computer or to embed an executable in the document and execute it. This, combined with the PDF format's capability to execute JavaScript have been a thorn in its side recently, along with it having its own version of the Flash engine embedded, for playing Flash objects within a document, which was still vulnerable to the flaws that were patched in the 10.1 release of Flash last week.
The two problems have different workarounds.
The executable and JavaScript vulnerabilities can be resolved by turning off scripting and the launching of external objects in the preferences menu.
The Flash problem is harder to deal with you need to rename the authplay.dll to something else, so that it can't be found by Adobe Reader/Acrobat when it opens the document. This will also scupper any legitimate PDF documents that contain Flash objects - but who in their right mind would bury a Flash object in a PDF anyway?
http://www.zdnet.com/news/researchers-f ... fix/441106
More information here:
http://steve.grc.com/2010/06/06/adobe-f ... -to-v10-1/
