In a issued Monday, Adobe said that attackers are exploiting the vulnerability by embedding Flash attack files within a Microsoft Word document sent as an email attachment.
Adobe did not spell out a patch timeline for the newest Flash zero-day.
Four weeks ago, about a different flaw that hackers manipulated via attack code tucked inside Excel spreadsheet attachments.
Later, RSA confirmed that the March vulnerability had been used by cybercriminals to gain a foothold on its corporate network, then related to the company's SecurID two-factor authentication products.
on March 21.