3 of the vulnerabilities are rated critical.
Adobe has acknowledged but won’t issue a patch for the recently disclosed “Zero-Day” remote code execution vulnerability in Reader and Acrobatuntil January 12, 2010, which is also the next Microsoft & Adobe Patch Tuesday.
- Launch Acrobat or Adobe Reader.
- Select Edit>Preferences
- Click OK
The exploit itself is being passed around and is available (to Offensive Computing subscribers) here. It also appears that development of a Metasploit module is underway already. There goes the neighborhood…