The vulnerability in Adobe Acrobat and Reader discovered earlier week is being used to install malware onto enterprise machines.
The malware, Sykipot Trojan, has been used to exploit previous Adobe vulnerabilities.
Researcher Brandon Dixon wrote on security blog 9b+ that the exploit crashed his open Adobe programme and instead opened up a new file. It was this file that pointed to an attack on a large US defence contractor.
"Using Adobe Reader 9.4.6, the PDF was executed resulting in a crash and opening of a new document. This new document is a survey geared towards defense contractor ManTech," wrote Dixon.
The malware then attempts to make several registry changes and contacts an external URL. It is then likely to download further malicious code and assume control of the machine.
There has also been speculation this week that UK defence contractor Lockheed Martin had fallen foul of the vulnerability, as it was thanked by Adobe for notifying it of the breach.
However, the firm has since denied it has suffered any breach.
"We did not experience a cyber breach or intrusion resulting from the Adobe Reader vulnerability, and our information systems remain secure," a spokesperson told Computing.
He added that the breach was discovered by the firm's new Security Intelligence Centre, based in Farnborough, UK.
"Our advanced cyber analysis and intelligence team at the Lockheed Martin Security Intelligence Center routinely identifies and blocks malware attempting to exploit vulnerabilities in software applications such as Adobe Reader and, as is our standard practice, we report any findings to the developer.
"In this case, Adobe recognised us for identifying this vulnerability."