Two vulnerabilities have been reported in Adobe Acrobat Reader 8.1.4 and 9.1.0 that can allow for the execution of arbitrary code as the user running Reader if javascript is enabled. http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html http://www.securityfocus.com/bid/34736 The first is a flaw in the getAnnots() function. The second is a flaw in the customDictionaryOpen() function. Adobe is recommending that users disable javascript until an update becomes available.
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1492 to the following vulnerability: Name: CVE-2009-1492 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1492 Assigned: 20090430 Reference: MISC: http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html Reference: MISC: http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt Reference: CONFIRM: http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html Reference: BID:34736 Reference: URL: http://www.securityfocus.com/bid/34736 Reference: SECUNIA:34924 Reference: URL: http://secunia.com/advisories/34924 Reference: VUPEN:ADV-2009-1189 Reference: URL: http://www.vupen.com/english/advisories/2009/1189 Reference: XF:reader-getannots-code-execution(50145) Reference: URL: http://xforce.iss.net/xforce/xfdb/50145 The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments. Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1493 to the following vulnerability: Name: CVE-2009-1493 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1493 Assigned: 20090430 Reference: MISC: http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html Reference: MISC: http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt Reference: BID:34740 Reference: URL: http://www.securityfocus.com/bid/34740 Reference: SECUNIA:34924 Reference: URL: http://secunia.com/advisories/34924 Reference: VUPEN:ADV-2009-1189 Reference: URL: http://www.vupen.com/english/advisories/2009/1189 Reference: XF:reader-spellcustom-code-execution(50146) Reference: URL: http://xforce.iss.net/xforce/xfdb/50146 The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 8.1.4 and 9.1 on Linux allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.
Upstream advisory indicates packages should be available May 12th: http://www.adobe.com/support/security/advisories/apsa09-02.html
Upstream has released 8.1.5: http://www.adobe.com/support/security/bulletins/apsb09-06.html
This issue has been addressed in following products: Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Extras for RHEL 3 Via RHSA-2009:0478 https://rhn.redhat.com/errata/RHSA-2009-0478.html