Computerworld: Earlier this week, Belgian researcher Didier Stevens demonstrated how a malformed pdf could run executable code on a Windows PC, possibly installing malware. All hackers would need to do is convince users to open the file.
Both Adobe, maker of the popular Acrobat Reader, and Fox-It, maker of the Fox-It Reader, say they are looking into the problem. So far, Adobe isn't planning to alter its software in response to the threat, saying, "This is an example of powerful functionality relied on by some users that also carries potential risks when used incorrectly. The warning message provided in Adobe Reader and Adobe Acrobat includes strong wording advising users to only open and execute the file if it comes from a trusted source."
Fox-It says that it will issue an update, but hasn't said how it will address the security issue.