M86 Security Labs
RSS feed of Security Labs Alerts from M86 Security

Adobe PDF vulnerability being exploited


October 29, 2007

Updated:  There is a vulnerability in Adobe Reader that is being actively exploited in the wild.  Last week Adobe released a patch for the underlying vulnerability, an input validation error in the handling of a specially crafted 'mailto' link embedded in a PDF document.  Since Adobe's security bulletin was published we have seen a significant number of spammed emails, each carrying a single PDF attachment that exploits this vulnerability.

The messages have a financial theme, with subject lines including:

Balance report
Balance statement
Credit report
Credit statement
deferred tax
Financial report
Financial statement
Income report
Income statement
Personal Balance Report
Personal Credit Points
Personal Financial Statement
Profit or loss reports
Profit or loss statement
Statement of cash flows
Statement of retained earnings
tax statement
Your Balance Report
Your Credit Points
Your Financial Statement 

The PDF attachment is very small, less than 5 KB, and the message body contains only a short finance-related phrase.
If opened, the code in the PDF file attempts to disable the Windows Firewall, then download and execute a file named ms32.exe; no interaction beyond opening the attachment is required.  Systems running an unpatched Adobe Reader are vulnerable – we recommend that you ensure Adobe Reader is updated to the latest release, and that you educate users about the danger of unexpected PDF documents from unknown sources.
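The indicators above (a campaign subject line, a single small PDF attachment, and a PDF whose link action is a mailto: URI carrying shell-style characters) can be turned into a gateway triage check. The following is an added example written for this page, not M86 code and not the MailMarshal Zero Day update; the sample PDF and message it builds are constructed for the test and are harmless, and the "suspicious character" list is a heuristic of ours, not a signature from the alert.

```python
import re
from email.message import EmailMessage

# Subject lines reported for the spam run, matched case-insensitively.
CAMPAIGN_SUBJECTS = {
    "balance report", "balance statement", "credit report", "credit statement",
    "deferred tax", "financial report", "financial statement", "income report",
    "income statement", "personal balance report", "personal credit points",
    "personal financial statement", "profit or loss reports",
    "profit or loss statement", "statement of cash flows",
    "statement of retained earnings", "tax statement", "your balance report",
    "your credit points", "your financial statement",
}
MAX_PDF_SIZE = 5 * 1024  # the alert reports attachments under 5 KB

# A /URI action whose target is a mailto: link, written as a literal "(...)"
# PDF string. Hex-encoded strings and objects inside compressed object
# streams are not handled here (assumption: the sample is uncompressed).
_URI_RE = re.compile(rb"/URI\s*\(\s*(mailto:[^)]*)\)", re.IGNORECASE)
# Characters a plain mailto: address never needs but a command-injection
# payload would. Heuristic only: %-encoded subject= parameters are legitimate
# and would show up here for manual review.
_SUSPICIOUS = re.compile(rb'["%<>|&]|\.exe|cmd', re.IGNORECASE)


def suspicious_mailto_uris(pdf_bytes):
    """Return the mailto: URI targets in pdf_bytes that trip the heuristic."""
    hits = []
    for m in _URI_RE.finditer(pdf_bytes):
        uri = m.group(1)
        if _SUSPICIOUS.search(uri):
            hits.append(uri.decode("latin-1", "replace"))
    return hits


def pdf_attachments(msg):
    """Yield (filename, payload bytes) for each PDF attachment of msg."""
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "application/pdf" or name.endswith(".pdf"):
            yield name, part.get_payload(decode=True)


def classify(msg):
    """Return the campaign indicators the message matches (empty = no match)."""
    reasons = []
    subject = (msg["Subject"] or "").strip().lower()
    if subject in CAMPAIGN_SUBJECTS:
        reasons.append("subject matches campaign list")
    attachments = list(msg.iter_attachments())
    pdfs = list(pdf_attachments(msg))
    if len(attachments) == 1 and len(pdfs) == 1:
        _name, data = pdfs[0]
        if len(data) < MAX_PDF_SIZE:
            reasons.append("single PDF attachment under 5 KB")
        uris = suspicious_mailto_uris(data)
        if uris:
            reasons.append("PDF contains suspicious mailto: URI action: " + ", ".join(uris))
    return reasons


# Constructed, harmless PDFs for the example. SAMPLE_PDF sets a mailto: URI
# action as the document's OpenAction, so it would fire on open without a
# click; the target is junk, not the real exploit string.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [5 0 R] >> endobj\n"
    b"4 0 obj << /S /URI /URI (mailto:test@example.invalid%\"junk.exe) >> endobj\n"
    b"5 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 100] /A 4 0 R >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
CLEAN_PDF = SAMPLE_PDF.replace(
    b"(mailto:test@example.invalid%\"junk.exe)", b"(mailto:helpdesk@example.invalid)"
)


def build_sample_message(pdf_bytes, subject="Balance report"):
    """Build a message shaped like the spam run (constructed test input)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Please find your balance report attached.")
    msg.add_attachment(pdf_bytes, maintype="application", subtype="pdf",
                       filename="report.pdf")
    return msg


if __name__ == "__main__":
    for label, pdf, subj in (("campaign", SAMPLE_PDF, "Balance report"),
                             ("benign", CLEAN_PDF, "Hello")):
        print(label, classify(build_sample_message(pdf, subj)))
```

The three indicators are scored independently so a gateway rule can require, say, two of three rather than all of them; a sender who renames the subject line still produces a small PDF with a mailto: action. Real samples may store the action in a compressed object stream, so a production check should inflate object streams before running the URI regex.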

For MailMarshal 6.1 and later customers, we have released a Zero Day update for this exploit.  We recommend all customers enable Zero Day protection.  More information can be found here.


Last Reviewed: November 5, 2007