The host is installed with Adobe Reader or Acrobat 10.x before 10.1.14 or 11.x before 11.0.11 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle an XML external entity declaration in conjunction with an entity reference. Successful exploitation allows remote attackers to read arbitrary files.