This. I left Adobe in 2008 (involuntarily :-) ), and it boggles my mind that they haven't done this sort of fuzz testing and fixed the issues in the last 10+ years. Sure, putting the code in a sandbox covers a multitude of sins, but I don't think that is sufficient. Many other Adobe products use the same code to read/write PDF files, and AFAIK they don't do it in a sandbox.