Some vulnerabilities have been reported in Adobe Reader/Acrobat, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.

1) Multiple boundary errors in several unspecified JavaScript methods can be exploited to cause stack-based buffer overflows via a specially crafted .PDF file.

Successful exploitation allows execution of arbitrary code.

NOTE: The vulnerability is reportedly being exploited in the wild.

2) An unspecified insecure JavaScript method in EScript.api can be exploited to execute arbitrary code via a specially crafted .PDF file.

3) An error in the loading of "Security Provider" libraries can be exploited to execute arbitrary code by e.g. tricking a user into opening a .PDF file in a directory that contains a malicious library with the same filename as a "Security Provider" library.

4) The insecure JavaScript method "DOC.print()" can be exploited to silently print a specially crafted PDF file.

5) An integer overflow in the "printSepsWithParams()" JavaScript method can be exploited to cause a memory corruption via a specially crafted .PDF file.

Successful exploitation allows execution of arbitrary code.

6) Two boundary errors within Acrobat Distiller can be exploited to cause heap-based buffer overflows via specially crafted .joboptions files containing overly long (greater than 160 characters) font names within the "/AlwaysEmbed" and "/NeverEmbed" parameters.

Successful exploitation allows execution of arbitrary code.

The vulnerabilities affect the following versions:
* Adobe Reader 8.1.1 and earlier
* Adobe Acrobat Professional, 3D and Standard 8.1.1 and earlier

Solution
Update to version 8.1.2.
Further details available to Secunia VIM customers

Provided and/or discovered by
1) Reported as an 0-day. Also reported by Greg MacManus, iDefense Labs.
2-3) Greg MacManus, iDefense Labs.
4) cocoruder of Fortinet Security Research Team
5) An anonymous researcher, reported via ZDI
6) Paul Craig of Security-Assessment.com

The vendor also credits:
* Tavis Ormandy and Will Drewry of the Google Security Team

Changelog
Further details available to Secunia VIM customers

Original Advisory
Adobe APSA08-01:
http://www.adobe.com/support/security/advisories/apsa08-01.html

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=657
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=656
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=655

Fortinet:
http://www.fortiguardcenter.com/advisory/FGA-2008-04.html

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-004.html

Security-Assessment.com:
http://www.security-assessment.com/files/advisories/2008-05-15_Acrobat_Distiller_Malformed_joboptions_File.pdf

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers