Adobe Fixes Zero-Day Flaw in Flash Player

21.03.2011
Adobe is releasing updates today to address a vulnerability in Flash Player--and the authplay.dll element used in Adobe Reader and Adobe Acrobat--that was announced last week. Time to get patching.

The vulnerability in Flash Player can be exploited to let an attacker take complete control of the target PC and install other malicious code or access sensitive information. Even a "failed" exploit could crash the system. Adobe has reported limited attacks in the wild targeting this flaw with a Flash (SWF) file embedded in a Microsoft Excel (XLS) file attachment in an email.

There are no known attacks directed at Adobe Reader or Adobe Acrobat yet. But the fact that both products can render Flash content with the authplay.dll component makes them vulnerable, and there is some concern that attacks could use malicious PDF files to exploit the vulnerability.

The updates today apply to Flash Player (including the Chrome Web browser with integrated Flash support), Acrobat, and most versions of Reader. Adobe Reader X for Windows will have to wait for its update.

Adobe Reader X for Windows includes a and other such executable code from being able to interact with or impact the underlying program, or the Windows operating system. The , but the extra layer of security means that it is very unlikely that an attack attempting to exploit authplay.dll would be successful.

The for Acrobat and Reader explains, "Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011."