Adobe Flash Player versions 9.0 through version 18.0.0.194 contain a use-after-free vulnerability in the AS3 ByteArray class. This can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Impact
An attacker can execute arbitrary code in the context of the user running Flash Player. Attacks typically involve enticing a user to visit a web site containing specially-crafted Flash content, or to open a specially-crafted Microsoft Office document.
Solution
This is a Zero-Day vulnerability found inside the Hacking Team dump.
Adobe will soon release an emergency patch to Flash Player.
This vulnerability can be mitigated by not running untrusted Flash content.
One less weapon in their arsenal, but you should not allow “auto-play” flash anyway …
Hacking Team found the vulnerability themselves ?