The McAfee security firm found an Adobe Reader vulnerability that reveals where a PDF document is opened. The vulnerability doesnt allow remote code execution, anyway McAfee consider it a security issue and have alerted the Adobe company. It is possible to manipulate a parameter of the API to obtain information on the document such as the location of a document on a system (using the JavaScript call this.path) McAfee suggests to the users to disable JavaScript in Reader until the patch will be released.”]
Source: http://securityaffairs.co/wordpress/14023/hacking/adobe-reader-vulnerability-reveals-pdf-path.html