Adobe Reader / Acrobat Multiple Vulnerabilities

Last Update Date: 16 Jun 2011 15:42
Release Date: 16 Jun 2011

RISK: High Risk

TYPE: Clients - Productivity Products

Multiple vulnerabilities have been identified in Adobe Reader / Acrobat, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

  1. 3difr.x3d and tesselate.x3d trust the string length provided in certain files when processing them, which can be exploited to cause a stack-based buffer overflow.
  2. An unspecified error can be exploited to cause a heap-based buffer overflow.
  3. An integer overflow error in ACE.dll when parsing the "desc" ICC chunk can be exploited to corrupt memory via a specially crafted PDF file.
  4. An unspecified error can be exploited to corrupt memory.
  5. The application loads certain unspecified libraries in an insecure manner, which can be exploited to load arbitrary libraries, e.g. by tricking a user into opening a file located on a remote WebDAV or SMB share.
  6. Certain unspecified input is not properly sanitised and can be exploited to execute arbitrary script code.
  7. An unspecified error can be exploited to bypass certain security restrictions, which affects Adobe Reader and Acrobat X 10.x only.
  8. An unspecified error can be exploited to corrupt memory.

Impact

  • Cross-Site Scripting
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Adobe Reader X (10.0.1) and earlier for Windows.
  • Adobe Reader X (10.0.3) and earlier for Macintosh.
  • Adobe Reader 9.4.4 and earlier for Windows and Macintosh.
  • Adobe Reader 8.2.6 and earlier for Windows and Macintosh.
  • Adobe Acrobat X (10.0.3) and earlier for Windows and Macintosh.
  • Adobe Acrobat 9.4.4 and earlier for Windows and Macintosh.
  • Adobe Acrobat 8.2.6 and earlier for Windows and Macintosh.
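
The version ceilings listed above can be checked against a software inventory as shown here. This is an added example, not part of the original advisory: the inventory rows and host names are constructed, the function names are hypothetical, and treating branches older than 8.x as covered by "8.2.6 and earlier" is an assumption.

```python
import re

# Highest affected version per major branch, from "System / Technologies affected".
_COMMON = {10: (10, 0, 3), 9: (9, 4, 4), 8: (8, 2, 6)}
CEILINGS = {(prod, plat): dict(_COMMON)
            for prod in ("reader", "acrobat") for plat in ("windows", "macintosh")}
# Reader X for Windows is listed at 10.0.1 rather than 10.0.3.
CEILINGS[("reader", "windows")][10] = (10, 0, 1)

def parse_version(text):
    """'9.4.4' -> (9, 4, 4). Short versions are zero-padded, build numbers dropped."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in text.split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(product, platform, version):
    """Return 'affected', 'not-listed' or 'unknown' for one installed copy."""
    branches = CEILINGS.get((product.strip().lower(), platform.strip().lower()))
    if branches is None:
        return "unknown"  # product/platform the advisory does not cover
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"  # leave for manual review instead of guessing
    if v[0] < min(branches):
        return "affected"  # assumption: "8.2.6 and earlier" includes older branches
    ceiling = branches.get(v[0])
    if ceiling is None:
        return "not-listed"  # branch newer than anything the advisory names
    return "affected" if v <= ceiling else "not-listed"

# Constructed sample inventory: (host, product, platform, installed version).
INVENTORY = [
    ("ws-001", "Reader", "Windows", "10.0.1"),
    ("ws-002", "Reader", "Windows", "10.1"),
    ("mac-01", "Reader", "Macintosh", "10.0.3"),
    ("ws-003", "Acrobat", "Windows", "9.4.4.225"),
    ("ws-005", "Reader", "Windows", "7.0.9"),
    ("mac-02", "Acrobat", "Macintosh", "n/a"),
]

def triage(inventory):
    report = {"affected": [], "not-listed": [], "unknown": []}
    for host, product, platform, version in inventory:
        report[classify(product, platform, version)].append(host)
    return report
```

A "not-listed" result only means the advisory does not name that version; it does not confirm that the installation is patched.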

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier


Source


Related Link