OK Guys the older version is worse so at least upgrade to reader 6.02 it is still more secure than the 5 versions. Just be aware of the issue. All warning s are to ensure us resident geeks stay employed Adobe Acrobat Reader ActiveX Control Buffer Overflow Vulnerability Secunia Advisory:SA12303 Release Date:2004-08-16Last Update:2004-08-18 Critical: Highly criticalImpact:System access Where:From remote Solution Status:Partial Fix Software:Adobe Acrobat Reader 5.x Adobe Reader 6.x Choose a product and view comprehensive vulnerability statistics and all Secunia advisories affecting it. CVE reference:CAN-2004-0629 Description: Rafel Ivgi has reported a vulnerability in Adobe Acrobat Reader, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "pdf.ocx" ActiveX component supplied with Adobe Acrobat Reader. This can e.g. be exploited via a malicious website using a specially crafted URL to potentially execute arbitrary code. Example: http://[host]/[directory]/[existing_pdf].pdf%00[long_string] NOTE: This only works on servers, which truncate the URL before the "%00" sequence (e.g. IIS and Netscape Enterprise). The vulnerability has been reported in version 5.0.5. Other versions may also be affected. Solution: The vendor has stated that this issue was fixed in Adobe Acrobat Reader 6.0.2. However, it has been reported that the issue might not have been completely fixed and still can be used to cause a Denial of Service (DoS). Prevent PDF files from automatically being opened in a web browser: 1. Open Adobe Acrobat/Acrobat Reader. 2. Edit --> Preferences --> Internet. 3. Uncheck the "Display PDF in browser" setting. Provided and/or discovered by: Rafel Ivgi Changelog: 2004-08-18: Updated steps in "Solution" section. Original Advisory: http://www.idefense.com/applicat...?id=126&type=vulnerabilities Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.