An Adobe security advisory warns of a new critical vulnerability in Flash Player 10.2.153.1 for Windows, Macintosh, Linux and Solaris; Flash Player 10.2.156.12 for Android; and the Authplay.dll component in Adobe Reader and Acrobat X 10.0.2 and all earlier versions.
There are already reports that the vulnerability is being exploited using crafted .swf files embedded in Microsoft Word .doc files that are sent as email attachments. When successfully exploited, the vulnerability can allow an attacker to take control of a system.

The Krebs on Security blog reports that the vulnerability has been used as part of a targeted spear-phishing campaign disguised as important government documents and launched against organisations or individuals who work for the US government. Another example of the attack shows an email titled "Disentangling Industrial Policy and Competition Policy In China" with a supposed copy of an article on that subject attached.

The link for this article located at H Security is no longer available.