Adobe says hackers are exploiting an unpatched bug in Flash Player by embedding malicious code in Word. Adobe issued a similar warning about a similar flaw four weeks ago. Attackers embed Flash attack files into Microsoft Word document sent as an email attachment. Adobe did not spell out a patch timeline for the newest Flash zero-day vulnerability. The vulnerability also exists in Adobe Reader and Acrobat, both of which include code that renders Flash content in PDF files. An independent security researcher who reported the latest Flash flaw to Adobe said attackers have inserted a malicious Flash Player file into a Word document.”]
Source: https://www.csoonline.com/article/2127979/adobe-confirms-critical-flash-zero-day-bug.html