Adobe has released a security advisory for its Flash Player product after being notified by South Korea’s CERT of a zero-day vulnerability. The advisory warns users that Flash content can be embedded into Office documents, such as Excel, and then used to download additional malicious files.
The result of a successful attack is that the attacker can gain full control of the infected system.
For now, there is no patch for the exploit. Adobe is anticipating a patch will be released next week, February 5th. It affects all systems including Windows, Mac OS, Linux and Chrome OS.
Additionally, Adobe has confirmed that this exploit is being actively used by attackers, and recommends that system administrators enable the option that warns users if they’d like to run Flash content or not.
Adobe Flash Player 28.0.0.137 and earlier versions are affected.