Vulnerability In Certain Versions of Adobe Acrobat and Adobe Reader May Cause Remote Code Execution
Vulnerability Identifier: CVE-2009-0658
Discovery Date: Feb 19, 2009
Risk: Critical
Related Malware: TROJ_PIDIEF.IN, TROJ_PIDIEF.IP, TROJ_PIDIEF.KO, TROJ_PIDIEF.JB
Affected Software:
  • Adobe Acrobat Pro 9.0.0 and earlier versions
  • Adobe Acrobat Pro Extended 9.0.0 and earlier versions
  • Adobe Acrobat Standard 9.0.0 and earlier versions
  • Adobe Reader 9.0.0 and earlier versions
Description:

A vulnerability has been found in versions 9.0.0 and earlier of the Adobe Acrobat family of applications that may cause the program(s) to crash, as well as allow a remote user to execute malicious code on an affected system.

Exploitation targets a vulnerability in a non-JavaScript function call; however, JavaScript is also used to successfully execute malicious code. Disabling JavaScript will prevent code execution, but it will not prevent Adobe Acrobat/Reader from crashing.
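
Because JavaScript is what turns the crash into code execution, a mail or web gateway can flag PDFs that carry JavaScript actions before they reach an unpatched reader. The following is an added example, not code from this advisory, Trend Micro or Adobe; the function names and the sample byte strings are constructed for illustration. A result of "no-javascript-seen" is triage only, since the advisory notes that a document can still crash the reader without JavaScript.

```python
import re

# PDF name tokens: '/' followed by regular characters (no whitespace, no delimiters).
_NAME_RE = re.compile(rb"/[^\x00\t\n\f\r ()<>\[\]{}/%]+")
_HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

JS_NAMES = {"/JS", "/JavaScript"}     # JavaScript action keys
AUTO_NAMES = {"/OpenAction", "/AA"}   # actions that fire without a user click


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    plain = _HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count JavaScript-related names in the raw bytes of a PDF."""
    names = [decode_name(n) for n in _NAME_RE.findall(data)]
    js = sum(n in JS_NAMES for n in names)
    auto = sum(n in AUTO_NAMES for n in names)
    objstm = sum(n == "/ObjStm" for n in names)
    if js:
        verdict = "javascript"
    elif objstm:
        # Compressed object streams can hold dictionaries this scan cannot see.
        verdict = "inconclusive"
    else:
        verdict = "no-javascript-seen"
    return {"js": js, "auto": auto, "objstm": objstm, "verdict": verdict}


# Constructed sample inputs (not taken from any real document or malware sample).
SAMPLE_JS = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
             b"2 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n%%EOF\n")
SAMPLE_PLAIN = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\n"
                b"endobj\n%%EOF\n")
SAMPLE_OBJSTM = (b"%PDF-1.5\n1 0 obj\n<< /Type /ObjStm /N 1 /First 4 /Length 0 >>\n"
                 b"stream\n\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for label, sample in (("js", SAMPLE_JS), ("plain", SAMPLE_PLAIN),
                          ("objstm", SAMPLE_OBJSTM)):
        print(label, triage_pdf(sample))
```
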


Patch Information:

As of March 10, 2009, Adobe has released the patch for this Adobe Acrobat and Adobe Reader vulnerability. Please refer to this official Adobe security bulletin for details on these patches.

Third Brigade also released a security advisory for this vulnerability. Please consult this page for more details.


Workaround Fixes:

Steps to work around this vulnerability may be found at the US-CERT Technical Cyber Security Alert TA09-051A.

 