Adobe has released Security Advisory APSA09-03 that describes a vulnerability affecting the Adobe Flash player. Flash player version 10.0.22.87 and earlier 10.x versions as well as Flash player version 220.127.116.11 and earlier 9.x versions are affected.
An attacker could exploit this vulnerability by convincing a user to visit a web site that hosts a specially crafted SWF file. The Adobe Flash browser plugin is available for multiple web browsers and operating systems, any of which could be affected. An attacker could also create a PDF document that has an embedded SWF file to exploit the vulnerability. This vulnerability is being actively exploited.
These vulnerabilities can be mitigated by disabling the Flash plugin or by using the NoScript extension for Mozilla Firefox to whitelist web sites that can access the Flash plugin. For more information about securely configuring web browsers, please see the Securing Your Web Browser document. US-CERT Vulnerability Note VU#259425 has additional details, as well as information about mitigating the PDF document attack vector.
Information taken from US-CERT – Technical Cyber Security Alert TA09-195A.