A security researcher has published a proof-of-concept exploit for a known vulnerability in Adobe Reader.

The researcher, known only as 'Cyanid-E', unveiled his creation in a posting to the Full Disclosure security mailing list on Tuesday.

The vulnerability has been confirmed on a fully patched Windows XP system running Adobe's Acrobat Reader 8.1 and Internet Explorer 7.

Details about the vulnerability were published in late September on the GNU Citizen blog.

The blog did not post proof-of-concept code at the time because it expected Adobe to be slow to respond. Proof-of-concept code can easily be turned into live attack code, and the publication could have put users at risk.

The proof-of-concept demonstrates the exploit by opening the calculator application when users open a specially crafted PDF file.

Although the code is harmless, criminals could easily modify it to install malware or recruit a system into a botnet.

Adobe acknowledged the flaw earlier this month and published a workaround that protects users.

A spokesperson for Adobe told vnunet.com that the company is aware of the proof-of-concept and is preparing to release an update within the next two weeks.

Adobe recommends users to implement the workaround and use extreme caution when viewing and downloading "unsolicited communications".