The flaws stem from memory corruption errors in the AcroPDF ActiveX control (AcroPDF.dll) and affect Adobe Reader, Acrobat Standard and Acrobat Professional versions 7.0.0 through 7.0.8, the San Jose, Calif.-based vendor said in a Tuesday advisory.
The vulnerabilities can only be triggered through Internet Explorer, and Adobe said it's working on an update to Adobe Reader and Acrobat 7.0.8 that will address the vulnerabilities.
Remote attackers could exploit the vulnerabilities by duping users into visiting a rigged Web page using Internet Explorer, according to the French Security Incident Response Team (FrSIRT). Adobe credited FrSIRT with discovering and reporting the flaws.
Adobe recommended that users delete the AcroPDF.dll from the Acrobat Program Files folder, but the company warned that doing so could impact enterprise workflows since it prevents PDF documents from opening in Internet Explorer.