ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file.
lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
secunia.com/advisories/32270
secunia.com/advisories/32448
secunia.com/advisories/32702
secunia.com/advisories/32759
secunia.com/advisories/33390
secunia.com/advisories/34226
security.gentoo.org/glsa/glsa-200903-23.xml
securitytracker.com/id?1021061
sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
support.avaya.com/elmodocs2/security/ASA-2008-440.htm
support.avaya.com/elmodocs2/security/ASA-2009-020.htm
www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
www.adobe.com/support/security/bulletins/apsb08-18.html
www.redhat.com/support/errata/RHSA-2008-0945.html
www.redhat.com/support/errata/RHSA-2008-0980.html
www.vupen.com/english/advisories/2008/2838
exchange.xforce.ibmcloud.com/vulnerabilities/45913