The flaw affects Adobe Shockwave Player 18.104.22.1686 and earlier versions. Details from Adobe's advisory:
This vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected system. Adobe has provided a solution for the reported vulnerability (CVE-2009-1860). This issue was previously resolved in Shockwave Player 22.214.171.1245; the Shockwave Player 126.96.36.1990 update resolves a backwards compatibility mode variation of the issue with Shockwave Player 10 content. To resolve this issue, Shockwave Player users on Windows should uninstall Shockwave version 188.8.131.526 and earlier on their systems, restart, and install Shockwave version 184.108.40.2060, available here: http://get.adobe.com/shockwave/. This issue is remotely exploitable.
Adobe boasts that 450 million Internet-enabled desktops have installed Adobe Shockwave Player.