Quote:
Using a flaw in the file-viewers' program code, an attacker could use a deliberately malformed PostScript or PDF file to cause a buffer overflow in the viewer that would enable code from the attacker to be run. Once executed, the code could e-mail malicious files onto the victim's system, delete the victim's files or worse, Endler said. And, while any malicious code would only be able to take advantage of the current user's security permissions, Endler notes that it is not uncommon for users to open and read mail while logged on using the administrative root account -- a condition that would give an attacker unlimited access to the victim's machine.
It's been said a million times, but this is just one more reason not to run as root......