(shameless plug) Here is his talk description, and his materials will be on-line next week after this talk. https://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Roth

Whoops.. the file should be there now.

At Black Hat D.C. last month Prajakta Jagdale spoke about HP developing this tool in her presentation:

"Blinded by Flash: Widespread Security Risks Flash Developers Don't See"

From the presentations description:
"In this presentation I will examine the Flash framework and then delve into the Flash security model and the transitions it has undergone over the years. To explore the avenues of compromise in the security model, I will use a test Flash application and demonstrate various attack vectors including Cross-Site Request Forgery, data injection and script injection. During this demonstration, I will explain the associated threats in detail and discuss means to mitigate these threats. Even though the test application validates the attack surface, the question remains: how many applications actually deployed are vulnerable to these threats? I will answer this question by providing astonishing statistics about vulnerable, real world applications I was able to find using simple Google queries."

The pdf of her presentation is here:
https://www.blackhat.com/presentations/bh-dc/Jagdale/BlackHat-DC-09-Jagdale-Blinded-by-Flash.pdf