08 Sep 2010
06 Oct 2010
Adobe Acrobat 8.x
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
A vulnerability has been discovered in Adobe Reader/Acrobat, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within CoolType.dll when processing the "uniqueName" entry of SING tables in fonts and can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a malicious PDF file containing a specially crafted embedded font.
The vulnerability is reported in version 8.2.4 (confirmed) and prior and version 9.3.4 (confirmed) and prior.
NOTE: The vulnerability is currently being actively exploited.
Update to version 8.2.5 and 9.4.
Reported as a 0-day.