Adobe Reader is free software for viewing PDF documents.
A memory corruption vulnerability in
**authplay.dll** provided with Adobe Reader 9.3.2 and earlier 9.x versions allows command execution when a user opens a specially crafted PDF file that contains Shockwave Flash (SWF) content that calls the
**newfunction()** function with invalid parameters.
Apply the patches referenced in APSA10-01 when they become available. In the interim, follow the relevant directions for mitigating the vulnerability in Adobe Reader.
Exploit works on Adobe Reader 9.3.0.
The user must open the exploit file in Adobe Reader.