Adobe Systems has rolled out patches for security vulnerabilities found in Adobe Reader 7.0 and 7.0.1, and Acrobat 7.0 and 7.0.1.

The hole in the products, referred to as an XXE (XML external entity) vulnerability, can allow XML scripts to be used to discover a user's local files. An attacker could then maliciously use the gathered information.

Adobe pointed out that local files could be found only if the attacker knows the complete file names and paths in advance of such an attack.

The vulnerability impacts Acrobat and Reader products running on both Windows and Mac platforms.

According to Adobe, Windows customers who use Reader and Acrobat should download the updates provided on its website at

The company said it will release an update for Mac OS versions shortly. Until this patch is available, Adobe advises end-users to disable any Acrobat JavaScript. This should protect their systems from the vulnerability.