Adobe Reader 8 contains an input validation error in the Download Manager. According to Adobe these flaws could result in arbitrary code execution with the permissions of the user running Adobe Reader.
Upstream security bulletin: http://www.adobe.com/support/security/bulletins/apsb08-19.html Further details from iDefense advisory: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=756 http://marc.info/?l=full-disclosure&m=122583657602079&w=4 The vulnerable code is an AcroJS function available to scripting code inside of a PDF document. This function is used for HTTP authentication. By passing a long string to this function, it is possible to corrupt heap memory in such a way that may lead to the execution of arbitrary code.
This issue was addressed in: Red Hat Enterprise Linux Extras: http://rhn.redhat.com/errata/RHSA-2008-0974.html