Adobe Reader 7, 8 and 9 code execution through buffer overflow

A buffer overflow in Adobe Reader allows for code execution when a user
opens a malicious PDF file.

Adobe will be releasing updates to v9 on March 11, 2009. Version 8 and
7 patches will follow soon after.

The exploit is currently active and uses Javascript embedded in the PDF
file to inject its payload into the heap.

The only known mitigation at this point is to disable Javascript in
Adobe Reader, which will prevent code execution, but not crashing
Adobe's product:

Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat

It is recommended that users disable JavaScript until the patches are
available to avoid this exploit.

Adobe is talking to anti-virus vendors about a signature to catch
malicious PDFs of this type.