(RHSA-2007:0017) Critical: Adobe Acrobat Reader security update

The Adobe Acrobat Reader allows users to view and print documents in
portable document format (PDF).

A cross site scripting flaw was found in the way the Adobe Reader Plugin
processes certain malformed URLs. A malicious web page could inject
arbitrary javascript into the browser session which could possibly lead to
a cross site scripting attack. (CVE-2007-0045)

Two arbitrary code execution flaws were found in the way Adobe Reader
processes malformed document files. It may be possible to execute arbitrary
code on a victim’s machine if the victim opens a malicious PDF file.
(CVE-2006-5857, CVE-2007-0046)

All users of Acrobat Reader are advised to upgrade to these updated
packages, which contain Acrobat Reader version 7.0.9 and are not vulnerable
to these issues.