it will release an update for its Flash Player
on Friday 15 April, fixing a vulnerability
that is currently being exploited
The vulnerability, which affects Flash Player 10.2.x
, can be used by attackers to take control of an infected system. It is currently being used via Flash embedded in malicious websites and in Microsoft Word
documents. In the latter case, spam messages - usually referring to the Fukushima nuclear disaster - arrive with a Word
file attached. On opening the file, the Flash code is executed and, after allowing remote access for the attacker, the document is replaced by a clean version to avoid detection."
An analysis can be found here:- Analysis of the CVE-2011-0611 Adobe Flash Player vulnerability exploitation - Microsoft Malware Protection Center - Site Home - TechNet Blogs