Darknet points out to the sandbox that is being implemented in Adobe Reader and will be available in the next major release.
There is no doubt that this software is the most targeted Windows software nowadays. As Brian Krebs said , the last patch cycle had 23 patches!
Reading the implementation details in Darknet’s post:
This effectively relegates Reader to a new rung of privilege below that if the system user, which stops the application simply accessing key parts of the OS such as the Registry or file system as it likes. Instead all such calls will have to go through a trusted broker process if they want to communicate beyond the sandbox.