Multiple vulnerabilities have been reported in Adobe Reader and Adobe Acrobat.
Adobe Acrobat 9.x
Adobe Acrobat X 10.x
Adobe Reader 9.x
Adobe Reader X 10.x
Vulnerabilities can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, gain knowledge of potentially sensitive information, and compromise a user's system.
1) An integer overflow error when handling True Type Font (TTF) can be exploited to corrupt memory. CVE-2012-0774
3) The application loads executables (e.g. msiexec.exe) in an insecure manner. This can be exploited to run an arbitrary program by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share and repairing the installation.
NOTE: This vulnerability affects the Macintosh and Linux versions only.
5) The application bundles a vulnerable version of Adobe Flash Player.
Cross Site Scripting
Exposure of sensitive information
The vendor has issued a fix. The patch is available at Adobe downloads