Adobe users are being urged to upgrade their software after the firm reassessed the impact of a recently discovered vulnerability in Adobe Reader and Adobe Acrobat 7.

The flaw, first discovered last month, was initially thought capable only of crashing Adobe's software. Subsequent investigation revealed the flaw also creates a potential means for hackers to run hostile code in cases where Windows users running the affected software and IE (though not other browsers) visit maliciously constructed websites.

Although not the subject of active exploitation by hackers, the flaw is serious enough for Adobe to advise users to either upgrade to Adobe Reader 8 or replace a buggy library file (AcroPDF.dll) that's the source of the problem, as explained here.

In related news, Adobe also advised users to update its Download Manager software following the discovery of a buffer overflow flaw. The bug, if left untreated, allows hackers to compromise vulnerable systems providing they can trick potential marks into visiting maliciously constructed websites. More details on the bug can be found in Adobe's advisory here. ®

Related stories

• Online ads diet planned for Adobe Photoshop (2 March 2007)
• Adobe Reader update lances multiple bugs (11 January 2007)
• PDFs open critical hole in Internet Explorer (1 December 2006)
• Adobe, Symantec press EC to remove Vista tanks from their lawns (22 September 2006)
• Adobe builds web conferencing into Acrobat (18 September 2006)
• Adobe adopts monthly patch cycle (15 December 2005)
• In brief Adobe warns over PDF peril (17 August 2005)
• Adobe patches Acrobat, Reader flaws (17 December 2004)