Security Affairs has some more information about the hole. It was discovered by security firm FireEye, they found hacking crew APT3 was using it to target a number of industries, including telecommunications, transportation and aerospace and defense sectors:
The attack vector is once again the email, according to FireEye, the attackers send messages containing links to compromised web servers that were used to serve both harmless content or a malicious Adobe Flash Player exploit for the CVE-2015-3113.
“In June, FireEye’s FireEye as a Service team in Singapore uncovered a phishing campaign exploiting an Adobe Flash Player zero-day vulnerability (CVE-2015-3113). The attackers’ emails included links to compromised web servers that served either benign content or a malicious Adobe Flash Player file that exploits CVE-2015-3113.” states FireEye in the blog post.
“Once a target host was profiled, victims downloaded a malicious Adobe Flash Player SWF file and an FLV file, detailed below. This ultimately resulted in a custom backdoor known as SHOTPUT, detected by FireEye as Backdoor.APT.CookieCutter, being delivered to the victim’s system.”