Warnings about the insecurity of online Flash multimedia created with all but the most recent authoring tools have largely fallen upon deaf ears (...) Web site owners continue to host older files created by older authoring programs that are vulnerable to cross-site scripting (XSS) attacks, Rich Cannings, information security engineer of search giant Google, told security professionals attending the conference on Wednesday.

The researchers from Google found that, despite the fact that the vulnerabilites were published in December 2007, none of the websites checked had updated their Flash files created with the vulnerable software.

Adobe plans to release a new version of its Flash Player in early April that will prevent attackers from exploiting the issues and, likely, break much of the Flash content on Web sites that are unprepared for the changeover. The makers of major authoring tools have also closed the security holes in the Flash files created by their tools.

The details of the research can be found here:

XSS Vulnerabilities in Common Shockwave Flash Files [docs.google.com]

Adobe's advice for republishing your SWF files can be found here:
Update to Dreamweaver and Contribute to address potential cross-site scripting vulnerabilities [adobe.com]

Is your Flash making your site vulnerable?