CVE-2008-4822
Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.
Date published : 2008-11-10
http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html