Back in December, I posted a note about a newly-discovered critical vulnerability [CVE 2009-4324] in all current versions of Adobe Reader and Adobe Acrobat. At that time, Adobe had issued a security advisory , and indicated that a fix would not be available until the middle of this month (January 2010).
Now the SANS Internet Storm Center has published a diary entry saying that this vulnerability is being actively exploited via targeted attacks (that is, attacks directed at specific organizations or individuals) using maliciously crafted PDF documents. The diary entry includes a technical analysis of the attack, which is quite sophisticated. At present, the malicious code is not detected by anti-virus software, with very few exceptions.