PDF exploit requires no specific security hole to function
Bad news: PDF security specialist Didier Stevens has developed a PDF document which is capable of infecting a PC – without exploiting a specific vulnerability. The demo exploit works both in Adobe Reader and in Foxit. Stevens says he used the "Launch Actions/Launch File" option, which can even start scripts and EXE files that are embedded in the PDF document. This option is part of the PDF specification.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump