They allow for remote code execution through malformed PDF files
According to Arr1val's PoC exploits, published on Packet Storm during the early hours of Tuesday, the vulnerabilities were tested on Adobe Reader 9.1 and Adobe 8.1.4 running on Linux. Adobe acknowledged the report and started an investigation into the issues. "We are currently investigating, and will have an update once we get more information," David Lenoe initially announced on the blog of Adobe's Product Security Incident Response Team (PSIRT).
Even though no attacks targeting these flaws have yet been reported in the wild, that is very likely to change now that exploit code is available. And as past examples show, it might take Adobe a considerable amount of time to release a fix. Back in February, when a similar critical 0-day vulnerability started being exploited in the wild, it took the company over three weeks to issue a patch.