Adobe just released a patch to a vulnerability I had reported to them.

The issue is due to a lack of input validation which allows a specially crafted SWF file to cause Flash Player to perform an arbitrary memory read.

Exploiting the issue results in DoS (i.e crashes the browser). Further analysis might show it may lead to arbitrary code execution as well.

More details about it can be found in Adobe's security bulletin (CVE-2009-0519).

I would like to thank Adobe for the efficient way in which they handled this security issue.

This update contains fixes to other vulnerabilities as well, so go update :)