Weblog: News from the Lab
New Adobe Flash Player Vulnerability Exploit Uses PDF Documents
publish time: 2009-7-24 2:40:47

Adobe released its security advisory for Adobe Reader, Acrobat and Flash Player on July 22, 2009, stating that there is a critical vulnerability in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and in the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems. As the advisory indicated, this vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. Well, we at RapidRx Lab can confirm it's highly possible to execute arbitrary code via this vulnerability, and we are detecting it as Exploit/SWF.Pidief.54B6, and the dropped malware as Trojan/Agent.0BDA!dldr and Trojan/Agent.F739!drop.

Although the samples we captured are all in PDF form, the vulnerability exists in Flash Player. Adobe recommends deleting or renaming the authplay.dll file that ships with Reader and with Acrobat. Since the exploit uses Adobe's ActionScript to launch the attack, turning off JavaScript in PDF won't help at this time.

Heap spray in ActionScript

We recommend using Firefox with NoScript to mitigate the risk, as this is the simplest method. Besides, be careful with files sent by unknown senders, as always.
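
Because the captured samples are PDFs that carry Flash content, received PDFs can be triaged for embedded Flash before they are opened. The following is an added example, not code from the original post or from RapidRx Lab: it flags PDFs that contain rich-media name objects or a stream beginning with an SWF signature. The marker list, function names and sample documents are assumptions constructed for illustration, and a hit means only that the file embeds Flash.

```python
import re
import zlib

# Heuristic markers (assumptions of this example, not signatures from the post):
# SWF data starts with "FWS" or "CWS"; PDFs embedding Flash use these names.
SWF_MAGIC = (b"FWS", b"CWS")
FLASH_NAMES = (b"/RichMedia", b"/Flash")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def inflate(data):
    """Inflate a FlateDecode stream; return None when it is not zlib data."""
    try:
        # decompressobj tolerates truncated input and trailing bytes.
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return None


def find_flash(pdf_bytes):
    """Return findings that suggest the PDF embeds Flash content."""
    # Undo #xx escapes so an obfuscated name like /Rich#4Dedia still matches.
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), pdf_bytes)
    findings = ["name " + n.decode() for n in FLASH_NAMES if n in decoded]
    for index, match in enumerate(STREAM_RE.finditer(pdf_bytes)):
        raw = match.group(1)
        # Check the stream both as stored and after inflating it.
        for label, body in (("raw", raw), ("inflated", inflate(raw))):
            if body and body[:3] in SWF_MAGIC:
                findings.append("stream %d: SWF header (%s)" % (index, label))
    return findings


def build_pdf(dictionary, stream):
    """Build a minimal one-object PDF for the constructed samples below."""
    return (b"%PDF-1.7\n1 0 obj\n<< " + dictionary + b" >>\nstream\n"
            + stream + b"\nendstream\nendobj\n%%EOF\n")


# Constructed samples (harmless): a bare SWF signature, not a real Flash file.
SAMPLE_FLASH = build_pdf(b"/Type /Rich#4Dedia /Filter /FlateDecode",
                         zlib.compress(b"CWS\x09" + b"\x00" * 32))
SAMPLE_PLAIN = build_pdf(b"/Filter /FlateDecode", zlib.compress(b"BT (hello) Tj ET"))

if __name__ == "__main__":
    print(find_flash(SAMPLE_FLASH), find_flash(SAMPLE_PLAIN))
```

The scan covers only unfiltered and Flate-compressed streams; content inside object streams or behind other filters needs a full PDF parser.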