Adobe has released 13 security patches for Reader and Acrobat.
Critical vulnerabilities patched in Adobe Reader 10.1 and earlier versions for Windows and Macintosh could allow attackers to hijack a system and crash the application.
Patched vulnerabilities that could lead to code execution include local privilege-escalation, a buffer overflow in the U3D TIFF Resource; a heap overflow and three stack overflow flaws in the Adobe image parsing library; three stack overflow vulnerabilities in the Adobe image parsing library; two stack overflow vulnerabilities in the CoolType.dll library; a memory leakage condition vulnerability, and a use-after-free vulnerability.
Affected Adobe Reader and Acrobat product versions range from 10 to 8 for Windows and Mac. Patches were released for Reader 9.4.5 and earlier 9.x versions for Unix.
Adobe said it had not detected exploits against the vulnerabilities in the wild.
The company will cut support for Adobe Reader and Acrobat 8 on 3 November this year.
CVE-2011-1353, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441, CVE-2011-2442