The patches fix three vulnerabilities in the free Flash player plug-in and two in Photoshop. Publicly available exploit code for the flaws has been found on the web.
The vulnerabilities include code for exploits which could allow an attacker to successfully execute malicious code on a target system via a specially crafted 'bmp', 'dib' or 'rle' document file.
Secunia rated both vulnerabilities as 'highly critical', the firm's second highest threat classification. The flaws affect versions CS2 and CS3 of Photoshop, and one of the flaws also affects Photoshop Elements 5.0.
The set of three patches for the Flash player browser plug-in were also rated by Secunia as 'highly critical'. The patch affects versions 7, 8 and 9 of the player.
Both patches are available from Adobe's Security Bulletins and Advisories website.
http://www.adobe.com/support/security/