In a issued Monday, Adobe said that attackers are exploiting the vulnerability by embedding Flash attack files within a Microsoft Word document sent as an email attachment.

Adobe did not spell out a patch timeline for the newest Flash zero-day.

Four weeks ago, about a different flaw that hackers manipulated via attack code tucked inside Excel spreadsheet attachments.

Later, RSA confirmed that the March vulnerability had been used by cybercriminals to gain a foothold on its corporate network, then related to the company's SecurID two-factor authentication products.

on March 21.