Adobe Systems is responding to reports of a critical zero-day exploit being sold in the criminal underground that targets a zero-day flaw in Adobe Reader X.

According to company spokesperson Wiebke Lips, the software maker has reached out to Group-IB, a Russian-based cybercrime investigation company that discovered the exploit for sale and is apparently available in a custom version of the notorious Black Hole attack toolkit. Adding the exploit to the automated toolkit makes the potential for widespread attacks greater, say experts.

"We are now in communication with Group IB so we can make a determination whether or not this is in fact a vulnerability and a sandbox bypass," Lips said. "Without additional details, and in particular a sample, there is nothing we can do, unfortunately -- beyond continuing to monitor the threat landscape and working with our partners in the security community, as always."

The exploit is able to weaken the security of computers running the latest versions of Adobe Reader, Adobe X and XI, by evading sandbox protection in the programs, which was first implemented by the software company in 2010, according to Group-IB. The first report of the zero-day came earlier this week by Brian Krebs of Krebs on Security.

The sandboxing technology implemented by Adobe, wraps its Reader software in a protective layer, intended to keep malicious code from breaking out onto a victim's machine. "Adobe has made great steps in mitigating