The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote malicious users to execute arbitrary code via a crafted PDF file.
tracker-software pdf-xchange viewer 2.5