Adobe is expected to disclose on Tuesday a security vulnerability in an older version of its Reader document viewing software, according to Core Security. The security vendor discovered a flaw in Adobe Reader 8.1.2 that would allow an attacker to compromise a machine via the malicious use of a PDF (Portable Document Format) file. Adobe told its users back in February to update to this version to avoid vulnerabilities in earlier versions of the Reader.

The problem seems to exist in the JavaScript engine: an attacker can send a PDF with malicious JavaScript embedded in it to wholly compromise any computer using the Adobe software, much like a Trojan.

The vulnerability was discovered in May by Damian Frizza, a CoreLabs researcher, while he was investigating a similar vulnerability in a different PDF viewer application called Foxit Reader. After the discovery, Core Security immediately reported it to Adobe. Ivan Arce, chief technology officer at Core Security, told the media that companies which build products with different technologies and code bases should also check for bugs in their applications when rival software is found to be vulnerable.

A security update seems to be on its way today, and it looks like Adobe Reader 9, released in June, is not vulnerable to the problem. After an initial examination of the bug, it was believed that the issue was not exploitable in Adobe Reader due to the use of two structured exception handlers in the program, but it has since been proven that the bug is extremely dangerous. Another way to fight the bug, besides the security update, is to disable the JavaScript functionality in the software's Edit menu.