This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within 2d.x3d, which is Adobe Reader's code responsible for processing BMP files. When passing a negative size parameter in the 'colors' field, a series of signed comparisons will be averted, and the overly large size parameter is passed to a memcpy(). This will cause a heap-based buffer overflow, allowing an attacker to execute code under the context of the user.