Adobe calls for upgrades to mitigate vulnerability

05.01.2007

Usually, such cross-site scripting is the result of server-side security failures, Hoffman said. With the Adobe flaw, however, any company that hosts a PDF file on its Web site could find itself being co-opted in an attack, regardless of how secure its site may otherwise be, he said.

The likelihood of attacks that take advantage of the flaw is high because of the widespread use of Adobe's software and the ease with which the flaw can be exploited, Dunham said. But the likely impact of such attacks at least appears to be fairly low, he said.

"We don't see anything more significant than stealing cookies and session data and that sort of thing," Dunham said. There have been some discussions about whether it is going to be possible to create a cross-site scripting worm to take advantage of the flaw, he said. But for now, this remains "unproven, undeveloped and relatively unlikely at this time," he said.