Darknet points out to the sandbox that is being implemented in Adobe Reader and will be available in the next major release.

There is no doubt that this software is the most targeted Windows software nowadays. As Brian Krebs said , the last patch cycle had  23 patches!

Reading the implementation details in Darknet’s post:

The new Reader design will see core and risky PDF functions such as font rendering, Javascript execution, 3D rendering and image parsing happen within the confines of the application itself, isolating these from the privileges of the operating system.

This effectively relegates Reader to a new rung of privilege below that if the system user, which stops the application simply accessing key parts of the OS such as the Registry or file system as it likes. Instead all such calls will have to go through a trusted broker process if they want to communicate beyond the sandbox.