Hackers, utilizing an unpatched bug in Flash Player, are embedding malicious Flash files in Microsoft Word and Excel documents to attack users. The technique has giving some cyber-criminals a foothold into corporate networks. The vulnerability also exists in Adobe Reader and Acrobat.
RSA Security was one of the victims. Hackers gained access to their network and stole information about their SecurID two-factor authentication product. In a more recent series of attacks (this month), a malicious Flash player was embedded into a Microsoft Word document that contained content from the American Bar Association's Antitrust Source newsletter and a title Disentangling Industrial Policy and Competition Policy in China. The probable targets were legal departments of American corporations and Government.