According to the East European IT security vendor, 60.2% of those of its users with Adobe Reader were running a vulnerable version of the program and only 40% of users had the newest Adobe Reader X or were fully patched.
The vendor adds that out of every five users also had an unpatched version of Adobe Reader that was at least two generations old (8.x).
Commenting on the figures, Ondrej Vlcek, Avast's chief technology officer said there is a basic assumption that people will automatically update or migrate to the newer version of any program.
"At least with Adobe Reader, this assumption is wrong - and it is exposing users to a wide range of potential threats", he explained.
Interestingly, Vlcek says that Brad Arkin, senior director of product security and privacy at Adobe, agrees with this analysis.
"We find that most consumers don't bother updating a free app such as Adobe Reader as PDF files can be viewed in the older version", he said, adding that, in many cases, users only update when provisioning a new machine.
Arkin went on to say that the Avast data on user vulnerabilities was `definitely believable' with Adobe finding significant variations in the update behaviour of consumer and corporate users.
Vlcek, meanwhile, said that when he visits friends at home, he tends to find the older version, adding that malware PDF exploit packages will typically look for a variety of security weaknesses in the targeted computer, attacking when an uncovered vulnerability is discovered.
"Most exploits have been made to hit all vulnerable versions, not just one", he explained, noting that libraries of code are shared between various Adobe versions which also means that vulnerabilities are shared.