PDF readers such as Adobe's Acrobat Reader and competitor Foxit Reader disallow embeded executables, PDFs are able to define actions to be taken when the PDF is opened by using so-called /Launch /Action commands. Mr. Stevens takes advantage of this fact to create an exploit that theoretically can be launched against just about any platform, including Windows, Mac OSX, and Linux based operating systems for which there is a PDF reader that closely enough follows the PDF standard.
Reports indicate that Adobe Acrobat reader will prompt the user to allow the actions, but that the text of the alert box is partially controlled by the attacker, allowing for social engineering attempts. Foxit Reader doesn't even present an alert and merely executes the instructions. PDF Xchange Viewer, however, neither prompts the user nor executes the instructions.
Original Blog post
The Register article
Edited by Andrew, 31 March 2010 - 05:56 PM.