Adobe Flash Player is prone to an unspecified remote code-execution vulnerability.
An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Adobe Flash Player 220.127.116.11 and 18.104.22.168 are vulnerable; other versions may also be affected.
Symantec has observed that this issue is being actively exploited in the wild.
UPDATE: Continued investigation reveals that this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages), most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue.
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: firstname.lastname@example.org.
The vendor has responded that Adobe is aware of the reports and is investigating the issue.
Del med dine venner