The host is installed with Adobe reader or Acrobat 10.x before 10.1.12 or 11.x before 11.0.09 and is prone to a cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to inject arbitrary web script or HTML.