But first, I guess you are running an OS which leaves you no choice but having an AV running. Otherwise, you're probably reading this for fun and knowledge, which is even better.
The vulnerability I'll be discussing about is quite old now (8 months), and is about the way Adobe Acrobat Reader parses PDF files with JBIG streams within. You can read an analysis of the vulnerability in other places. Since this isn't a new vulnerability, you'd guess that by now AV products would be able to block it well. You guess wrong.
I've taken a sample which is generally blocked by most AV products, and did a little modification to the 5th byte in the stream. The modification left the 6th bit on, so the file is still malicious. Now have a look at the first picture below - only 1 AV caught it as malicious.
Let's make another modification and change some few more bits, still leaving the 6th bit on... drum roll... not even a single AV did the job (second picture below). The file has passed and could potentially exploit the unsuspecting user who believes that having a decent AV would keep him safe.