A zero-day vulnerability is being exploited in the wild in targeted attacks against Windows users in the Middle East, researchers warned Thursday. The vulnerability (CVE-2018-5002) is a stack-based buffer overflow bug that could enable arbitrary code execution. The exploit uses a carefully constructed Microsoft Office document to download and execute an Adobe Flash exploit to the victims computers, according to ICEBRG researchers. The documents were sent primarily via email, Adobe says. The company on Thursday also patched another critical vulnerability (CES-4945) and two important vulnerabilities.
Source: https://threatpost.com/zero-day-flash-exploit-targeting-middle-east/132659/