Adobe is aware of a recently published report of potential vulnerabilities in Adobe Reader and Acrobat. These vulnerabilities would cause the application to crash and, although Adobe is not aware of any specific code exploits at this time, could potentially allow an attacker to take control of the affected system.
Adobe Reader 7.0.0 through 7.0.8 and Adobe Acrobat Standard and Professional 7.0.0 through 7.0.8 on the Windows platform when using Internet Explorer. Users of other browsers are not affected.
Also Computerworld - Adobe falls down gaping security hole [computerworld.com]
Adobe Systems Inc. has acknowledged that recent versions of Reader and Acrobat contain unpatched bugs that could allow attackers to take over Windows systems via Internet Explorer.
The bugs were discovered by security company FrSIRT and reported to Adobe a week ago, the company said in an advisory this week. Both FrSIRT and Adobe classified the bugs as "critical", since they could be exploited by simply luring an Internet Explorer user to a malicious website.
In short, if you are using IE, viewing a PDF which exploits the vulnerability can lead to your entire machine being compromised. The hole remains unpatched by Adobe at the time of writing, and the proposed workaround is to delete the PDF plugin for IE.
Whilst this is an Adobe bug, not an IE bug specifically, the vulnerability is exploited using ActiveX, which is only available in IE.
[edited by: encyclo at 6:46 pm (utc) on Dec. 3, 2006]