There's a remote code execution vulnerability in Macromedia Flash client. The vulnerability also includes Shockwave due to the embedded flash support. Unfortunately this seems to be preinstalled almost everywhere and considered safe usually, so it's a rather big one. Download links to new versions are on that page. As a side note I recommend Flashblock both to minimize general annoyance and to help minimize the impact of things like this (it turns it into a click-to-exploit rather than load-page-to-exploit). You can check your version of Flash Player (should be at least 8.0.24) and Shockwave Player (should be at least 10.1.1 (10.1r(\d+) on the check is 10.1.0.x\1)) on Macromedia's site.
Copyright ©2000-2008 Jeremy Mooney (jeremy-at-qux-dot-net)
