Gigamon Applied Threat Research identifies an active exploitation of a zero-day vulnerability in Adobe Flash via a Microsoft Office document. The vulnerability (CVE-2018-15982) allows for a maliciously crafted Flash object to execute code on a victims computer, which enables an attacker to gain command line access to the system. This blog outlines the targeting of the document (22.docx), the technical details of the attack chain, and highlights analysis into a range of interesting elements of the discovery. It is our goal that by sharing this, defensive security teams will be informed about the recently discovered threat activity.”]
Source: https://blog.gigamon.com/2018/12/05/adobe-flash-zero-day-exploited-in-the-wild/