Adobe Systems is investigating a report of a new vulnerability in Adobe Reader.
So far Adobe has not seen any attacks exploiting the vulnerability, though proof-of-concept code was posted publicly on the Full Disclosure mailing list earlier this week. The vulnerability can be exploited to trigger a denial of service. Arbitrary code execution could be possible, but has not been demonstrated.
Adobe issued a warning about the bug Thursday, the same day as it released a massive security update for Adobe Flash Player. The update plugged nearly 20 vulnerabilities, including one, CVE-2010-3654, that had been targeted by attackers. Before that
Adobe said it will continue to provide updates on the latest situation as necessary.