An iDEFENSE security advisory reports:
Remote exploitation of an input validation error in the
uudecoding feature of Adobe Acrobat Reader (Unix) 5.0
allows an attacker to execute arbitrary code.
The Unix and Linux versions of Adobe Acrobat Reader 5.0
automatically attempt to convert uuencoded documents
back into their original format. The vulnerability
specifically exists in the failure of Acrobat Reader to
check for the backtick shell metacharacter in the filename
before executing a command with a shell. This allows a
maliciously constructed filename to execute arbitrary
programs.