I recently came across the following accusations aimed at Flash by some system administrators used as a rationale for disallowing the publication of Flash content within their network. Has anybody heard of this? Anybody know where they got their information? Does anybody know whether there's any truth in them? Any help would be appreciated:

"There are two security issues that are of great concern.
A.) A buffer overflow in Flash.OCX could allow an attacker to run code of their choice on a vulnerable system when a user reads an HTML.
B.) Flash SWF content can allow malicious users of web sites that allow users to upload or include SWF content to get access to information (cookies, etc) that they aren't supposed to have access to. This can include system files stored on the hard drive, and or system passwords should they be saved in cookie files."