Fairly nasty Flash exploit in the wild. As Matasano Chargen describes it:

It’s a weaponized NULL pointer attack that desynchronizes a bytecode verifier to slip malicious ActionScript bytecode into the Flash runtime.

Read Chargen’s full post if you want to attempt to understand this. Seems like the only workaround is to uninstall your Flash player. Which no one will do.