According to security researchers, the critical unpatched Adode Reader and Acrobat vulnerability, which was first noticed by Washington-based researcher Mila Parkour on Tuesday, is “clever” as well as “impressive.”

The bug, which is being exploited by attackers, affects all the versions of Acrobat and Reader 8 and 9 for Windows, Macintosh, and UNIX systems. While even the latest versions, 8.2.4 and 9.3.4, are unsafe and open to attack, other PDF reading alternatives, like Foxit Reader, remain unaffected.

The hackers are apparently using rigged PDF documents, which include code to exploit a ‘zero-day’ flaw, in the widely-used Reader PDF viewer and in Adobe’s PDF creation software, Acrobat.

The researchers have confirmed that the sophisticated exploit circumvents two main defenses that have been erected by Microsoft for protecting Windows, ASLR (address space layout randomization) and DEP (date execution prevention).

Noting that the exploit is “pretty clever,” Chet Wisniewski, a senior security adviser at security software vendor Sophos, said: “It circumvents protections like ASLR and DEP. Its techniques are certainly out of the ordinary and a lot more sophisticated than the garden-variety [PDF] exploit.”

Despite the fact that most of the researchers have pointed out that, thus far, the attacks have largely “targeted” specific individuals or companies, Wisniewski is of the opinion that attackers are expected to quickly expand the number of the victims that the attack as well as the size of the assaults.