This is pretty bad! Still, this is the year of PDF exploits…
Didier Stevens found the vulnerability/design flaw. Essentially, it allows you to include executable files within a .pdf file and auto-execute them as soon as the PDF is viewed! What’s more, it doesn’t require JavaScript to be enabled. The PDF format does not allow you to embed binaries, but there is a ‘Launch Action’ which can launch a command. Didier has manipulated this to execute embedded data, and he has even managed to manipulate the user warning shown below to display a custom message.
Adobe Reader requires user interaction to launch the executable; however, Foxit Reader just blindly auto-executes it with no user intervention!

Modified warning message:

There is a demo PDF that launches a command prompt, working perfectly on Windows 7 (it won’t protect you!), although he isn’t disclosing the actual vulnerability till it’s fixed. I will put money on it being reverse engineered and in the wild within a few days though.
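For triage on the receiving side, a PDF that pairs a Launch action with an automatic trigger and no JavaScript can be flagged by scanning its name tokens. The following is an added example, not code from the original post or from Didier Stevens; the watched-name list, function names and sample bytes are assumptions constructed for illustration.

```python
import re
from collections import Counter

# A PDF name token: "/" followed by regular characters (no whitespace or delimiters).
NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
# Names may hide characters as #xx hex escapes, e.g. /#4Caunch is /Launch.
HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

# Assumed watch list: the Launch action plus the usual automatic triggers.
WATCHED = {b"/Launch", b"/OpenAction", b"/AA", b"/JavaScript", b"/JS"}

def watched_names(data: bytes):
    """Yield watched name tokens after undoing #xx escapes."""
    for match in NAME.finditer(data):
        name = HEX.sub(lambda h: bytes([int(h.group(1), 16)]), match.group(0))
        if name in WATCHED:
            yield name.decode("ascii")

def scan(data: bytes) -> dict:
    """Count watched names and flag an auto-triggered Launch with no JavaScript.

    Heuristic only: dictionaries inside compressed streams are not seen,
    and a watched name inside a literal string counts as a hit.
    """
    counts = Counter(watched_names(data))
    has_launch = counts["/Launch"] > 0
    has_trigger = counts["/OpenAction"] + counts["/AA"] > 0
    has_js = counts["/JavaScript"] + counts["/JS"] > 0
    return {
        "counts": dict(counts),
        "launch": has_launch,
        "auto_launch_no_js": has_launch and has_trigger and not has_js,
    }

# Constructed fragments (not complete PDF files) used as sample input.
SAMPLE_LAUNCH = (
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Action /S /#4Caunch /F (PLACEHOLDER) >> endobj\n"
)
SAMPLE_BENIGN = b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    for label, blob in (("launch", SAMPLE_LAUNCH), ("benign", SAMPLE_BENIGN)):
        print(label, scan(blob))
```

A hit is a reason to quarantine or inspect the file further, not proof of malice, since legitimate documents occasionally use these actions.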