The attack was first demonstrated last week by researcher Didier Stevens. By misusing a feature contained in the PDF specification, his proof-of-concept attack showed how hackers could embed a malicious payload in a document and trick Adobe's Reader and Acrobat applications - as well as the competing FoxIT Reader - into executing it.
In the meantime, users who have no need for the automatic launch feature (and we're guessing this is 90 percent or more of them) can mitigate the threat by modifying their Reader or Acrobat preferences. To do this, go to Edit > Preferences and click on Trust Manager in the left pane. Then, uncheck the box for "Allow opening of non-PDF file attachments with external applications."Full story @ The Register