According to an article published over on CNET, the new vulnerability was first spotted by Didier Stevens and further developed by NitroSecurity's Jeremy Conway, who created proof-of-concept code able to attack a system simply by fooling a user into accepting a single dialog box after opening a malicious PDF.
The attack makes use of the 'incremental update' feature of the PDF standard, and unlike previous attacks
The news isn't just bad for Adobe, however - and those who recommend switching to alternatives to Adobe's Reader PDF viewer should take note - as the popular Foxit Reader PDF viewer is also vulnerable to this particular attack. In fact, Stevens explains that "in this case, Foxit Reader is probably worse than Adobe Reader, because no warning [dialog] gets displayed to prevent the launch action."
So far, neither company has provided a patch to mitigate this particular attack, although both are investigating the issue.
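Until a patch exists, a mail or web gateway can triage PDFs for the two features named above, incremental updates and launch actions. The following is an added example, not code from the article or from either researcher; the function names and the sample bytes are assumptions made for illustration, and the scan is a heuristic over uncompressed bytes only.

```python
import re

# PDF names may hex-escape any character as #xx (/L#61unch == /Launch),
# so names are decoded before matching.
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")
_EOF = b"%%EOF"  # every saved revision, including each incremental update, ends with one


def decode_names(data):
    """Return all PDF name tokens found in raw bytes, with #xx escapes resolved."""
    unescape = lambda m: bytes([int(m.group(1), 16)])
    return [_HEX.sub(unescape, name) for name in _NAME.findall(data)]


def triage_pdf(data):
    """Heuristic scan of uncompressed PDF bytes. Objects inside compressed
    streams are not seen, so a clean result is not proof of a clean file."""
    first_eof = data.find(_EOF)
    appended = data[first_eof + len(_EOF):] if first_eof != -1 else b""
    names = decode_names(data)
    return {
        "revisions": data.count(_EOF),            # >1 means updates were appended
        "launch_actions": names.count(b"Launch"),
        "launch_in_update": b"Launch" in decode_names(appended),
        "open_action": b"OpenAction" in names,    # action runs when the file opens
    }


# Constructed sample, not a valid or real document: just enough tokens to
# exercise the scanner. The launch target is an inert placeholder.
BASE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"trailer << /Root 1 0 R >>\nstartxref\n0\n%%EOF\n"
)
UPDATE = (
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /Type /Action /S /L#61unch /F (placeholder) >> endobj\n"
    b"trailer << /Root 1 0 R /Prev 0 >>\nstartxref\n0\n%%EOF\n"
)
SAMPLE = BASE + UPDATE

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

A plain search for the string `/Launch` misses the sample because of the `#61` escape, which is why the names are decoded first.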