US-CERT is aware of reported vulnerabilities in Flash (SWF) files that may allow a remote, unauthenticated attacker to conduct cross-site scripting attacks on a vulnerable system. The flaws exist in the way that input is validated when passed to embedded ActionsScript and JavaScript in the SWF file...