This Security Bulletin addresses several vulnerabilities, including issues that have already been disclosed. An update is available for a cross-site scripting (XSS) vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat that could allow remote attackers to inject arbitrary JavaScript into a browser session. This vulnerability, previously reported in APSA07-01 on January 4, 2007, has been assigned an important severity rating. Additional vulnerabilities have been identified in versions 7.0.8 and earlier of Adobe Reader and Acrobat that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. These vulnerabilities have been assigned a critical severity rating. A malicious file must be loaded in Adobe Reader by the end user for an attacker to exploit these vulnerabilities. It is recommended that users update to the most current version of Adobe Reader or Acrobat available.