Adobe today confirmed that attackers are exploiting an unpatched bug in Flash Player using Microsoft Excel documents.
The company will patch Flash next week and will also update Adobe Reader, which includes code that renders Flash content inserted in PDF files....
According to a security advisory issued Monday, attackers are exploiting the vulnerability by embedding malicious Flash files within a Microsoft Excel document sent as an email attachment.
Adobe said it wasn't aware of any attacks directed at Reader or Acrobat, the popular PDF viewer and commercial PDF creator, respectively.
"This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system," Adobe acknowledged in its advisory.
More @ Link
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat: http://www.adobe.com/support/security/advisories/apsa11-01.html