Versions 8 and 9 of Acrobat and Reader are said to be vulnerable, and version 7 may also be affected by the issue.
Adobe has acknowledged the reports, and in a brief statement said it is "currently investigating this issue and assessing the risk to our customers."
It seems that the exploit was initially used in targeted attacks, but this may change now the cat is out of the bag.
While a vulnerability is not detected by most security software, it makes sense to limit its use to specific, high value targets and thus stay largely under the radar. Mass distribution is more likely to be detected by spam filters, leading to analysis of the content.
Security vendors are adding detection for specific exploit files, and various elements of the attacks may be caught by generic detections.