"Danish bug tracker Secunia rated the threat as "extremely
critical," the highest ranking in its five-step scoring system. The
U.S. Computer Emergency Readiness Team (US-CERT), an arm of the
federal Department of Homeland Security, also posted a warning of
"Attackers exploiting the flaw may be able to hijack the
targeted computer, Adobe acknowledged.
"The bug warning was almost identical to one Adobe released July
22, 2009, when it said Flash Player, Reader and Acrobat harbored a
vulnerability and were under attack. Adobe patched the flaw on July
31, 2009. Some researchers claimed Adobe had known of the Flash
flaw for more than half a year.
"Friday's advisory noted that vulnerability exists not only
inside Flash, but also within the "authplay.dll" file packaged with
every Windows copy of Reader and Acrobat. That file is the
interpreter that handles Flash content embedded within PDF