Rich Cannings has published an advisory on the Web Security Mailing List describing a flaw in common Flash authoring tools that allows for XSS. From his advisory:
"We were unable to perform an exhaustive review of all authoring tools that generate SWFs. More XSS issues may exist in the products listed below and certainly exist in other applications that save to SWF.
We are only reporting XSS vulnerabilities that have been fixed by the vendors. There are more products vulnerable. We will publish more information when the vendor releases fixes."