
The vulnerability is caused by a boundary error when parsing format strings containing a floating point specifier in a certain JavaScript function.
The vulnerability requires that users open a maliciously crafted PDF file thereby allowing attackers to gain access to vulnerable systems and assume the privileges of a user running Acrobat Reader.
Adobe Reader version 9, which was released in June 2008, is not vulnerable to the problem.