Just recently (I am a little late on this story however), they have found a zero-day exploit (IE: it was already being used to run arbitrary code on peoples machines when found), in Adobe Reader and Acrobat.
The exploit takes advantage of the fact that almost all of the newer versions of this software leave JavaScript [...]