Researchers at Core Security Technologies recently found a bug in Adobe Reader and Adobe Acrobat that could give attackers unlimited access to affected systems. The vulnerability exists in Adobe Reader and Acrobat 8.1.2, and possibly in earlier versions of the software. The problem doesn’t exist in Adobe Reader 9.
According to Adobe, the bug in question stems from an input validation issue in a JavaScript method that could lead to remote code execution. For more information about how Core Security Technologies discovered the flaw, see “Security Bug Bites Adobe Reader.” For Adobe’s security bulletin regarding the vulnerability, see the Security Update available for Adobe Reader and Acrobat 8.1.2 website, where you can also download Adobe Reader 8.1.2 Security Update 1.