I figured it would happen eventually, but not quite so soon. It appears that Adobe Reader is suffering from at least two more zero-day vulnerabilities – less than two months after the JBIG2 vulnerability. Here’s the low-down.
All currently supported shipping versions of Adobe Reader and Acrobat (9.1, 8.1.4, and 7.1.1 and
earlier versions) are vulnerable to this issue. Adobe plans to provide updates for all affected versions
Many people made this recommendation when the last vulnerability was uncovered (jbig2 vulnerability), but it just seems to be louder this time; find an alternative reader to the Adobe Reader product. If you need an idea for what is available out there, take a look at PDFreaders.org. I know that I have made the recommendation where I work, but it might not be that easy. Corporations sometimes will rely heavyly on Adobe Reader to view custom business forms that are used on a daily basis with customers. That reliance will often show itself in the in-house applications that make calls directly to the Adobe DLL.
You can read a bit more about the challenges of replacing Adobe Reader and Acrobat here.