Nice to see John coming aboard with comments about the buffer overflow.
from what I see both of these are reading buffers. Even if you could pass bad code to the Flash Player this way, it still can’t break out of its sandbox
I still think there is lacking information from Macromedia, the technote at Macromedia Security Center is just linking to a Reuters news story and not giving any indepth facts about it. (Which John is commenting as well).