A previously unknown Adobe Flash vulnerability is being exploited in the wild through a Chinese version of the MPack exploit kit. The exploits are being injected into third-party sites to redirect targets to servers packed with malware.
According to SecurityFocus an attacker may exploit this problem to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Adobe Flash Player 9.0.115.0 and 9.0.124.0 are vulnerable; other versions may also be affected. When the exploit fires, it checks the Flash version on the vulnerable computer and, depending on the result, it uses a different .SWF (shockwave) file to take complete control of the machine, Security Focus said.
The threat has been dubbed "very serious."