Adobe has confirmed that hackers are exploiting a zero-day vulnerability in Flash Player using Microsoft Excel documents. The outfit said that it can't patch Flash until next week so users will have to be jolly careful.

Attackers are exploiting the vulnerability by embedding malicious Flash files within a Microsoft Excel document sent as an e-mail attachment.  Adobe's security advisory warned that vulnerability (CVE-2011-0609) could cause a crash and potentially allow an attacker to take control of the affected system.

However it seems that the attackers are using the Flash vulnerability, hackers to infect systems with additional malware. Writing in his blog, Brad Arkin, the company's director of product security and privacy, said that reports indicate the attack is targeted at a very small number of organisations and limited.

More here.