Well, much as I hate Flash, and consider it a security hole on roller skates all by itself, in this case it only happens to be the vector by which the real flaw in IE is activated. There's nothing inherently wrong with Flash in this particular regard. Disabling the plugin removes the path by which the bad guys get to the real vulnerability.
Speaking of Adobe, it’s a good idea to avoid their PDF reader (even though they invented the format and the computer language it relies upon) in favor of just about any other one. It’s too heavy and complex, and that has lead to security holes in the past. You need to be able to fetch PDFs into your browser seamlessly and without worrying that you are about to be pwned.