The bug was discovered by Core Security. According to an advisory posted on the company’s site, the flaw was found while the company was investigating the feasibility of exploiting a bug in Foxit Reader that had been disclosed in May 2008.

The advisory reads as follows:

“Adobe Reader suffers from a stack buffer overflow when parsing specially crafted (invalid) PDF files. The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the "util.printf()" JavaScript function. Successful exploitation of the vulnerability requires that users open a maliciously crafted PDF file thereby allowing attackers to gain access to vulnerable systems and assume the privileges of a user running Acrobat Reader. Adobe Reader version 9, which was released in June 2008, is not vulnerable to the reported problem.”

Users are advised to apply the patch as soon as possible. If patching is not possible for the time being, they are advised to use the workaround and disable the JavaScript functionality.
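For triage while patches roll out, the following added example (not code from Core Security, Adobe, or the original article) lists `util.printf()` calls whose literal format string contains a `%f` specifier, looking in both raw and Flate-compressed streams. The function names are hypothetical, the sample bytes are constructed and benign, and the scan assumes unencrypted files with no other stream filters or script obfuscation. A hit only means the file uses the affected function and deserves a closer look.

```python
import re
import sys
import zlib

# Body of a PDF stream object: "stream" EOL <data> EOL "endstream".
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)
# util.printf( followed by its first string literal (the format string).
CALL_RE = re.compile(rb"util\s*\.\s*printf\s*\(\s*([\"'])(.*?)\1", re.DOTALL)
# Floating point specifier: % [flags/width/precision] f
FLOAT_SPEC_RE = re.compile(rb"%[,+ #0-9.\-]*f")


def decoded_views(pdf_bytes):
    """Yield the raw file, then every stream body that inflates with zlib."""
    yield pdf_bytes
    for m in STREAM_RE.finditer(pdf_bytes):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            continue  # not Flate data, or a filter this sketch does not handle


def find_float_printf(pdf_bytes):
    """Return the format strings of util.printf() calls that use %f."""
    hits = []
    for view in decoded_views(pdf_bytes):
        for call in CALL_RE.finditer(view):
            fmt = call.group(2)
            if FLOAT_SPEC_RE.search(fmt) and fmt not in hits:
                hits.append(fmt)
    return hits


def constructed_sample():
    """Constructed, benign PDF-like bytes: one Flate stream, one plain stream."""
    js_float = zlib.compress(b'var s = util.printf("%.2f", 3.14159);')
    js_int = b'app.alert(util.printf("%d items", 3));'
    return (b"%PDF-1.4\n1 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + js_float
            + b"\nendstream\nendobj\n2 0 obj\n<< >>\nstream\n" + js_int
            + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    # With no argument, scan the constructed sample; otherwise scan the given file.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    for fmt in find_float_printf(data):
        print("util.printf() with floating point specifier:", fmt.decode("latin-1"))
```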