This Security Bulletin addresses several vulnerabilities, including
issues that have already been disclosed. An update is available for a
cross-site scripting (XSS) vulnerability in versions 7.0.8 and earlier
of Adobe Reader and Acrobat that could allow remote attackers to inject
arbitrary JavaScript into a browser session. This vulnerability,
previously reported in APSA07-01 on January 4, 2007, has been assigned an important
severity rating. Additional vulnerabilities have been identified in
versions 7.0.8 and earlier of Adobe Reader and Acrobat that could allow
an attacker who successfully exploits these vulnerabilities to take
control of the affected system. These vulnerabilities have been
assigned a critical
severity rating. A malicious file must be loaded in Adobe Reader by the
end user for an attacker to exploit these vulnerabilities. It is
recommended that users update to the most current version of Adobe
Reader or Acrobat available.