Patches are released to cover an information disclosure vulnerability in Adobe's Reader and Acrobat software programs.
Software maker Adobe Systems Inc. on Wednesday acknowledged that an information disclosure vulnerability in two of its products could be exploited by malicious hackers to hijack sensitive system information.
The flaws were flagged--and fixed--in Adobe Reader and Adobe Acrobat, two programs widely used to view and print PDF files.
Affected versions include Adobe Reader 7.0 and 7.0.1, and Adobe Acrobat 7.0 and 7.0.1 on Windows and Macintosh platforms.
In a published advisory, Adobe said the flaw was found within the Adobe Reader control.
"If an XML script is embedded in JavaScript, it is possible to discover the existence of local files. An attacker could then use the information gathered for malicious purposes," the company warned.
However, Adobe said the threat is minimized because the existence of local files can only be discovered if the complete filenames and paths are known in advance by the attacker.
The company has rolled out Version 7.0.2 for Windows and promised a Mac update will be released soon.
Until that update is available, the company recommends that Mac users disable any Acrobat JavaScript as a temporary workaround.
To disable JavaScript in Acrobat, choose Adobe > Preferences > JavaScript and deselect Enable Acrobat JavaScript, the company said.
The Reader and Acrobat patches come just days after Adobe shipped fixes for a privilege escalation flaw in the Adobe License Management Service.
That bug was found in multiple product lines, including Adobe Photoshop CS, Adobe Creative Suite 1.0 and Adobe Premiere Pro 1.x.
Security alerts aggregator Secunia described the License Management flaw as "moderately critical" and warned that a successful attack could give a malicious hacker access to a vulnerable system.