Thanks to our good friend dookie who passed us a link to a CVE about the new exploit for Adobe 9.3. Well, I should just say it is not for 9.3 but it states:
Exploit works with Adobe Javascript disabled.
Tested : successfully tested on Adobe Reader 9.1/9.2/9.3 OS Windows XP(SP2,SP3 any languages), also works with Adobe browser plugin

A hacker by the nick of villy made a python script that will create a pdf that will launch calc.exe on a WinXP SP2 Box with the most up-to-date version of Adobe Reader installed even with Java turned off.

After playing with it we replaced the shellcode with a Windows Reverse Shell and then tried it on a fully patch system! BAM – Shell again.

We took the PDF file and uploaded it to Virus Total and an amazing 0/42 was returned and that is before we even used Shakata Ganai to encode it.

Of course we documented the adventure and put a new video up on our site on the resources page entitled Brand New Adobe 9.3 Exploit

Enjoy and stay tuned for more to come.