Affected versions are 220.127.116.11 and 18.104.22.168.
The best analysis that I’ve seen so far is at SecurityFocus:
The frightening thing about this alert is that the vulnerability is being actively exploited, with tens of thousands of web sites being compromised (Symantec/Security Focus think that this is happening via SQL injection), with those compromised web sites being used to redirect victims to other sites that are hosting malicious Flash files.
At time of writing there is no workaround, patch or official advisory. If you’re using Firefox, install a copy of No Script for its script and Flash blocking abilities. If you are using Internet Explorer get yourself a copy of IE7Pro, which includes an ad blocker and a Flash blocker (note: be careful with the maximum connections per server setting – I have seen that setting break some web sites, especially banking sites).
Or, simply uninstall Flash.