

A Flash 0Day Was Reportedly Used In the CFR.org Attack - deeqkah
http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html

======
justinschuh
The title here is simply wrong. According to the details in the post the 0day
vulnerability is in IE8, not Flash. Flash was used to heap spray, maybe
because the vulnerability was in the ActiveX layer, or maybe because IE8
doesn't have a JIT and Flash's JIT spraying mitigations don't actually work.
Either way none of this constitutes a 0day in Flash because ActiveX would be
IE's bug and Flash's utility for heap spraying is already very well known.

