http://www.theregister.co.uk/2009/11/13/adobe_flash_wallop/
An unpatched security risk involving Adobe Flash creates a possible mechanism for hackers to load exploits onto websites.The vulnerability was discovered by security researchers at Foreground Security and reported to both Adobe and Google, whose Google Applications, including Gmail, are potentially vulnerable to exploit.
No fix is currently available. However, exploitation of the security flaw would be far from straightforward, especially on Gmail because hackers would have to figure out message IDs in order to create any mischief. Foreground has not detected any attacks using the technique, which affects sites that allow users to upload active content onto trusted domains.