Adobe’s second major vulnerability this year, this one is in two JavaScript functions; getAnnots() and spell.customDictionaryOpen().
From Adobe’s Product Security Incident Response Team (PSIRT).
All currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions) are vulnerable to this issue. Adobe plans to provide updates for all supported versions for all platforms (Windows, Macintosh and Unix) to resolve this issue. We are working on a development schedule for these updates and will post a timeline as soon as possible. We are currently not aware of any reports of exploits in the wild for this issue.
Until a patch is released if you use these programs disable JavaScript by opening Acrobat or Adobe Reader, > Edit> Preferences> JavaScript> Uncheck ‘Enable Acrobat JavaScript’ > OK.
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
