Adobe Systems has rolled out patches for security vulnerabilities found in Adobe Reader 7.0 and 7.0.1, and Acrobat 7.0 and 7.0.1.
The hole in the products, referred to as an XXE (XML external entity) vulnerability, can allow XML scripts to be used to discover a user's local files. An attacker could then maliciously use the gathered information.
Adobe pointed out that local files could be found only if the attacker knows the complete file names and paths in advance of such an attack.
The vulnerability impacts Acrobat and Reader products running on both Windows and Mac platforms.
According to Adobe, Windows customers who use Reader and Acrobat should download the updates provided on its website at www.adobe.com/support/downloads.