A design feature in PDF allows for the execution of a program from
within the PDF. Most PDF readers supply a warning about executing the
program before continuing.
A researcher last week showed how the warning message could be rewritten
by a malicious PDF and trick the user into allowing it to execute. It
could potentially infect other PDFs or run whatever the attacker desired.