It was confirmed by Adobe on Thursday that major security vulnerability is present in its Acrobat and Reader software.

In its security advisory, Adobe informed, "This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited."

It was explained by Symantec security researcher Patrick Fitzgerald that a PDF parsing error was responsible for causing this vulnerability. He wrote on his blog post that the malicious document would trigger the vulnerability once it is opened.

Fitzgerald added, "The JavaScript payload then sprays the heap with the malicious shellcode in an attempt to increase the chances of a successful exploit. If the exploit is successful, a malicious binary will be dropped and executed on the victim's system."

It has been informed by Fitzgerald that the spiteful payload is actually a backdoor Trojan, which appears from an open source toolkit known as Ghost that originated in China. The attacker is permitted to access the victim's desktop, record keystrokes, and access the machine remotely, once it is installed on the computer.

Adobe Reader 9 and earlier versions, and Adobe Acrobat Standard, Pro, Pro Extended 9, and earlier versions are all affected by this vulnerability. By 11th March, Adobe might launch updates for Acrobat Reader 9 and Acrobat 9 which would be followed with updates for earlier versions of software.