Adobe Flash Player is prone to an unspecified remote code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Symantec has observed that this issue is being actively exploited in the wild. Continued investigation reveals that this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages), most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue.

Source: SecurityFocus.

Additional sources: Steven Adair’s Blog, Dancho Danchev’s Blog.

Tags: adobe, symantec, vulnerabilities