Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.
blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1
jvn.jp/en/jp/JVN48425028/index.html
jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html
lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html
marc.info/?l=bugtraq&m=130331642631603&w=2
secunia.com/advisories/42183
secunia.com/advisories/42926
secunia.com/advisories/43026
security.gentoo.org/glsa/glsa-201101-09.xml
support.apple.com/kb/HT4435
www.adobe.com/support/security/bulletins/apsb10-26.html
www.redhat.com/support/errata/RHSA-2010-0829.html
www.redhat.com/support/errata/RHSA-2010-0834.html
www.redhat.com/support/errata/RHSA-2010-0867.html
www.securityfocus.com/bid/44691
www.vupen.com/english/advisories/2010/2903
www.vupen.com/english/advisories/2010/2906
www.vupen.com/english/advisories/2010/2918
www.vupen.com/english/advisories/2011/0173
www.vupen.com/english/advisories/2011/0192
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12142
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15913