Adobe Flash Player is prone to an unspecified remote code-execution vulnerability.
An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Adobe Flash Player 22.214.171.124 and 126.96.36.199 are vulnerable; other versions may also be affected.
Symantec has observed that this issue is being actively exploited in the wild.
UPDATE: Continued investigation reveals that this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages), most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue.
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: firstname.lastname@example.org.
The vendor has responded that Adobe is aware of the reports and is investigating the issue.
Del med dine venner