Attackers continue to use maliciously crafted PDF files and JavaScript to take advantage of users, once the user opens the file with the exploit an attacker can execute code with the user privileges. (Note the importance of working as a non-root user!)

The exploit uses two functions specific to Acrobat, spell.customDictionayOpen() and getAnnots(). This is related to spell checking with custom dictionary and the getter method for annotations. The proof of concept was posted by "Arr1val" and possibly affect all versions of Acrobat Reader. 

You should have already disabled JavaScript in acrobat. Other workarounds include using Preview.app to open PDF files or block PDF files at the firewall. Please see the reference links to this post for alternatives to Acrobat Reader. 

Update on Wednesday, May 13, 2009 at 08:19PM by drStrangeP0rk

Adobe has posted an update to these vulnerabilities.

http://www.adobe.com/support/security/bulletins/apsb09-06.html