Adobe Advises on Critical Flash Bug Exploited in the Wild
15 Mar 2011
PC Magazine, By Larry Seltzer
Adobe has revealed that an unpatched Flash Player vulnerability could allow for denial of service or remote code execution on the system. Because they include Flash Player functionality, Acrobat and Reader are also affected.
Roel Schouwenberg, a senior malware researcher at Kaspersky, has already blogged on the matter, making the point that the really strange part is that you can embed Flash objects in an Excel file.
"As such, it would be great if Microsoft would allow us to turn off these excess features. Or, alternatively, Adobe could disallow such integration to reduce the attack surface," Schouwenberg wrote. "The reason why the attackers are using Excel as a delivery vehicle is simple. This way the attack can easily be delivered through email. So be extra cautious when you receive XLS files you didn't request."