Two recent US-CERT Vulnerability Notes [cert.org] describe similar issues in Adobe Reader and Foxit Reader PDF viewing applications. The vulnerabilities, that both applications failed to properly handle JPEG2000 (JPX) data streams, were discovered as part of our Vulnerability Discovery initiative. The two vulnerability notes are quite similar, except for one aspect: attack surface. Read the full blog post [CERT.org: Vulnerability Note: Adobe Reader, PhantomPDF are plagued by several high-severity flaws that could enable remote code execution.
Source: https://threatpost.com/vulnerabilities-and-attack-surface-062509/72834/