A zero-day flaw that can be used as a vector to bypass sandboxing in Adobe Reader X and XI has been circulating on cyber crime forums, according to Russian forensics company Group-IB.
The flaw is advertised for sale for between $30,000 and $50,000, and is being included in versions of the Blackhole exploit kit, Group-IB said in a statement on Wednesday.
"As more and more of these unpatchable zero-day threats pop up in application software and operating systems, it provides bot authors more opportunities to design more creative methods to get their malware loaded into a victims computer," said Group-IB managing partner Dan Clements.
The Blackhole exploit kit is often used to distribute banking Trojans such as Zeus, Spy Eye, Carberp and Citadel, said the company.
Adobe introduced 'Adobe Protected Mode' sandboxing in October as part of an effort to improve Adobe Reader security.