Vulnerability in Acrobat Reader

Saturday, 02 December 2006

A series of vulnerabilities has been announced in Adobe Reader and the ActiveX Acrobat control that could be exploited by attackers to take complete control of affected systems.
These flaws are memory corruption errors in the AcroPDF ActiveX control (AcroPDF.dll), which does not adequately handle malformed arguments passed to the "src()", "setPageMode()", "setLayoutMode()", "setNamedDest()" and "LoadFile()" methods. A remote attacker could exploit this problem to execute arbitrary commands by tricking a user into visiting a specially crafted web page.
Adobe Reader versions 7 to 7.0.8 and Adobe Acrobat (Standard and Professional) versions 7.0.0 to 7.0.8 are affected.
As a workaround, Adobe recommends deleting the "AcroPDF.dll" library, which prevents PDF documents from being opened from Internet Explorer. Adobe offers more information at: http://www.adobe.com/support/security/advisories/apsa06-02.html