Adobe rated the bug as critical: if exploited, it would allow malicious native code to execute, potentially without the user being aware. In other words, the bug could cause a crash and potentially allow an attacker to take control of the affected system.
Hackers have exploited the bug in Flash Player using Microsoft Excel documents. They targeted users via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment.
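For mail-gateway or attachment triage, the delivery method described above can be screened for by looking for SWF headers inside an OLE2 (.xls) container. The following is an added example, not code from Adobe or from the original report; the function names, the size bounds and the sample bytes are assumptions constructed for illustration.

```python
import struct
import zlib

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # compound-file header used by .xls
SWF_MAGICS = (b"FWS", b"CWS")  # uncompressed and zlib-compressed SWF signatures
MIN_DECLARED, MAX_DECLARED = 21, 64 * 1024 * 1024  # assumed sanity bounds

def swf_header(data, off):
    """Return (version, declared_len) if a plausible SWF header starts at off."""
    if off + 8 > len(data):
        return None
    version = data[off + 3]
    (declared,) = struct.unpack_from("<I", data, off + 4)  # total uncompressed size
    if not 1 <= version <= 50 or not MIN_DECLARED <= declared <= MAX_DECLARED:
        return None
    return version, declared

def body_ok(data, off, magic, declared):
    """Cheap validation of what follows the 8-byte header, to cut false hits."""
    body = data[off + 8:]
    if magic == b"FWS":
        return declared - 8 <= len(body)
    try:
        d = zlib.decompressobj()
        out = d.decompress(body, declared)  # max_length bounds decompression
    except zlib.error:
        return False
    return bool(out) and (not d.eof or len(out) == declared - 8)

def find_embedded_swf(data):
    """List SWF candidates inside an OLE2 file; empty list for other input."""
    if not data.startswith(OLE2_MAGIC):
        return []
    hits = []
    for magic in SWF_MAGICS:
        off = data.find(magic, 8)
        while off != -1:
            hdr = swf_header(data, off)
            if hdr and body_ok(data, off, magic, hdr[1]):
                hits.append({"offset": off, "sig": magic.decode(),
                             "version": hdr[0], "length": hdr[1]})
            off = data.find(magic, off + 1)
    return sorted(hits, key=lambda h: h["offset"])

def build_sample():
    """Constructed input: fake OLE2 header, two tiny SWF stubs, one text decoy."""
    body = bytes(20)
    hdr = bytes([10]) + struct.pack("<I", 8 + len(body))
    return (OLE2_MAGIC + bytes(504) + b"FWS" + hdr + body
            + b"FWS report" + b"CWS" + hdr + zlib.compress(body))
```

A hit only means the attachment carries Flash content and deserves closer inspection or quarantine; it says nothing about whether that content is malicious. OLE2 streams can be split across non-adjacent sectors, so a contiguous byte scan like this one can miss fragmented objects.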
The vulnerability exists in certain versions of Adobe Flash Player for Windows, Macintosh, Linux and Solaris operating systems, Adobe said in its blog post.
The bug also affected the authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.
However, Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue.
"We are in the process of finalizing a fix for the issue and expect to make available an update for Flash Player 10.x and earlier versions for Windows, Macintosh, Linux, Solaris and Android, and an update for Adobe Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.1) for Macintosh, and Adobe Reader 9.4.2 and earlier 9.x versions during the week of March 21, 2011," the blog post added.
Meanwhile, Adobe is planning to address the issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011.
Following are the affected software versions:
* Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
* Adobe Flash Player 10.2.154.18 and earlier versions for Chrome users
* Adobe Flash Player 10.1.106.16 and earlier versions for Android
* The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.