Adobe has confirmed the vulnerability in its Adobe Reader product and proposed a workaround. The 'Launch Actions/Launch File' function allows the launching of scripts or .exe files embedded in PDF files, indeed this option is part of the PDF specification. The vulnerability can also, in principle, be exploited to spread PDF worms, as demonstrated in a video from blogger Jeremy Conway.
The vendor is advising users to deactivate the "Allow opening of non-PDF file attachments with external applications" option under Edit/Preferences/Trust Manager. This option is activated by default. After disabling this option, the demo exploit is no longer able to launch a command line when opened in Adobe Reader. Adobe Acrobat is also affected by the problem and can also be protected by deactivating this option.
Adobe is advising administrators to generate the following registry key on users' systems to deactivate this option:
To ensure that users are not able to reactivate this option, it can be greyed out as follows:
Continued here: http://www.h-online.com/security/news/item/Adobe-issues-official-workaround-for-PDF-vulnerability-971932.html
More from the Adobe Reader Blog: PDF "/Launch" Social Engineering Attack