Adobe warns of Flash Player zero-day exploit via Word document


Staff

Adobe Systems Inc. has issued a security advisory notifying users of a serious Flash Player zero-day vulnerability that could be used by attackers to gain complete control of a system and warning that ongoing attacks are spreading using a malicious Microsoft Word document.

The flaw affects Adobe Flash Player for Windows, Macintosh, Linux and Solaris and Flash Player for Android and Chrome users. In a security advisory issued Monday, Adobe said the vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. In addition, a component in Adobe Reader and Acrobat X for Windows and Macintosh systems is affected.

“There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment,” Adobe said. “At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat.”

Adobe said the threat to Reader X users is significantly lower because this issue does not bypass Adobe Reader Protected Mode.

Adobe has not ruled out an out-of-band update to fix the vulnerabilities. Engineers are still testing an update to Flash Player for Windows, Macintosh, Linux, Solaris and Android. The company is also still readying an update for Adobe Reader and Acrobat.

Adobe Reader X for Windows will be updated during the next quarterly security update scheduled for June 14.

Adobe’s last official update was March 21, when it repaired a Flash Player vulnerability being targeted by attackers using Microsoft Excel files. Adobe also repaired a security problem that affects the authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.