Flash 0-Day exploited in wild

An Adobe Flash Player 0-day vulnerability is being exploited in the wild and used in limited, targeted attacks against Windows users, according to an Adobe advisory and the Talos security group.

Successful exploitation of this critical vulnerability (CVE-2018-4878) could allow an attacker to take control of the affected system.

The attacks leverage Office documents with embedded malicious Flash content distributed via email. When victims open the document, the exploit executes and downloads an additional payload from a compromised website, according to the Talos report.

Talos also spotted the use of ROKRAT, a well-known Remote Administration Tool, as the downloaded payload in the attacks. ROKRAT is typically used with cloud platforms in an effort to steal documents and manage/control infected systems.

Adobe confirmed the vulnerability in the advisory (APSA18-01) and will issue a fix the week of February 5th.
