Discovered by: Mark Dowd and wushi
This vulnerability requires no introduction. Independently discovered by both Mark Dowd and wushi of team509, it showed how what at first appeared to be just a NULL-pointer dereference could be manipulated into yielding reliable cross-version remote code execution. For an excellent summary of the vulnerability and a discussion of proper handling of malloc() return values, see the Matasano blog.
This vulnerability was also used in a mass SQL-injection-assisted malware attack in late May 2008 that resulted in much security industry drama and at least a few stolen World of Warcraft passwords. The fact that Adobe took 15 months to patch this vulnerability suggests that they believed it to be a non-exploitable NULL-pointer dereference. Oops.