Last month’s hack of RSA Security began with an exploit of a then-unpatched vulnerability in Adobe Flash Player. Attackers gained access to RSA’s network by sending two small groups of employees e-mails with attached Excel spreadsheets. One of those employees opened an embedded Flash file that exploited a “zero-day” vulnerability. Adobe had issued a security advisory acknowledging that attackers were exploiting an unpatched bug in Flash Player using tricked-out Excel documents. Adobe did not name RSA as the target of the ongoing attacks.”]
Source: https://www.csoonline.com/article/2127948/rsa-hackers-exploited-flash-zero-day-bug.html