iDefense Security Advisory 01.12.10 – Remote exploitation of a memory corruption vulnerability in multiple versions of Adobe Systems Inc.’s Reader and Acrobat PDF reader and processor could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when processing the Jp2c stream of a JpxDecode encoded data stream within a PDF file. During the processing of a JPC_MS_RGN marker, an integer sign extension may cause a bounds check to be bypassed. This results in an exploitable memory corruption vulnerability. iDefense has confirmed the existence of this vulnerability in latest version of Adobe Reader, at the time of testing, version 9.1.0. Previous versions may also be affected. Adobe has stated that all 9.2 and below versions, as well as all 8.1.7 and below versions are vulnerable.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/85088/01.12.10-1.txt
Source: https://packetstormsecurity.com/files/85088/iDEFENSE-Security-Advisory-2010-01-12.1.html