How can PDF files have a virus that steals your credentials

How can a document, whose only interactions should be to navigate between sections and open hyperlinks, have viruses that steal victims' credentials?

4 Answers

Anonymous 0 Comments

If you don’t have file extensions shown (not the default setting in Windows) then you might actually be dealing with notavirus.pdf.exe, a program that happens to have the same icon as Adobe Reader. You could even call it… an impostor ඞඞඞඞඞඞඞ

The other option is of course abusing some weakness in the way PDFs (or more accurately, PDF readers) work. PDF is a very complex file format, and throughout the history of Adobe Reader and similar software, there have been incidents where maliciously crafted PDF files could trick the program reading them into accidentally overwriting parts of its running code with malicious commands (buffer overflow) and other such errors. IIRC a big one was related to a specific internal compression used to make PDFs with included images/fonts/etc smaller?

EDIT: [Here’s a list of Adobe Reader’s known historical vulnerabilities](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=adobe+reader). There’s apparently a newishly discovered one [that concerns versions from this March and earlier](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26425) that can be used to trick the program into running code it shouldn’t be.
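
The two cases described in this answer, as an added example that is not part of the original answer: a short Python triage that flags the `notavirus.pdf.exe` pattern, checks whether the bytes really are a PDF, and lists the stream compression filters a PDF declares. The extension sets, function names and sample bytes are assumptions constructed for illustration.

```python
import re
from pathlib import PurePath

# Illustrative subsets chosen for this example, not complete lists.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".lnk"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

# A stream dictionary names its compression as /Filter /Name or /Filter [/A /B].
FILTER_RE = re.compile(rb"/Filter\s*(\[[^\]]*\]|/[A-Za-z0-9]+)")
NAME_RE = re.compile(rb"/([A-Za-z0-9]+)")

# Constructed sample inputs (not real files).
SAMPLE_PDF = (b"%PDF-1.7\n1 0 obj\n<< /Length 12 /Filter [/ASCII85Decode /FlateDecode] >>\n"
              b"stream\n...\nendstream\nendobj\n")
SAMPLE_EXE = b"MZ\x90\x00" + b"\x00" * 60

def sniff(data: bytes) -> str:
    """Identify content from its leading bytes rather than from its name."""
    if data[:2] == b"MZ":
        return "windows-executable"
    # Readers commonly accept the header anywhere in the first 1024 bytes.
    if b"%PDF-" in data[:1024]:
        return "pdf"
    return "unknown"

def stream_filters(data: bytes) -> set[str]:
    """Collect every filter name declared in the file's stream dictionaries."""
    found = set()
    for match in FILTER_RE.finditer(data):
        found.update(name.decode() for name in NAME_RE.findall(match.group(1)))
    return found

def triage(filename: str, data: bytes) -> list[str]:
    findings = []
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    # "name.pdf.exe": with extensions hidden, the user only sees "name.pdf".
    if len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTS and suffixes[-2] in DOCUMENT_EXTS:
        findings.append(f"double extension: real type is {suffixes[-1]}")
    kind = sniff(data)
    if kind == "windows-executable":
        findings.append("content is a Windows executable (MZ header)")
    elif suffixes and suffixes[-1] == ".pdf" and kind != "pdf":
        findings.append("named .pdf but no %PDF- header found")
    if kind == "pdf":
        filters = stream_filters(data)
        if filters:
            findings.append("stream filters: " + ", ".join(sorted(filters)))
    return findings
```

Name tokens written with `#xx` hex escapes are not decoded here, so an empty filter list means "nothing seen", not "nothing there".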
