Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.
lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html
marc.info/?l=bugtraq&m=105777963019186&w=2
secunia.com/advisories/9037
secunia.com/advisories/9038
www.kb.cert.org/vuls/id/200132
www.mandriva.com/security/advisories?name=MDKSA-2003:071
www.redhat.com/support/errata/RHSA-2003-196.html
www.redhat.com/support/errata/RHSA-2003-197.html
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664