Over the weekend, security vendor iDefense reported three specific exploits affecting a fully patched version of Adobe Acrobat and Reader 8.1 running on Windows. In each case, the attacker would need to get users to open a specially crafted PDF file delivered via an e-mail attachment or linked from a Web site.

The infection – which was not detected by the major anti-virus firms until iDefense notified them this weekend – is spread through malicious banner ads being hosted on legitimate websites, he said. Users whose machines are not running Adobe Reader and Acrobat 8.1.2 are hit with a behind-the-scenes PDF exploit just by visiting the compromised sites.

One of the two advisories that cited JavaScript flaws said there were “multiple stack-based buffer overflows in JavaScript methods” within Adobe Reader and Adobe Acrobat, a more advanced application that sells for $299 and up. “Exploitation of these vulnerabilities would allow an attacker to execute arbitrary code as the current user,” the iDefense advisory said.

Users are urged to upgrade Adobe Acrobat Reader to version 8.1.2, which patches the vulnerability and prevents the attack from being launched.