Vulnerability found in UPnP devices

Universal Plug and Play protocol devices have found to have a serious exploit method.

When user launchs a hostile Shockwave Flash file, Flash can be used to control UPnP compatible devices in same network.

One possible exploit is changing DHCP server name server settings to those attacker wants them to be.

That's why one should take UPnP off from workstations and other devices in network if no UPnP is used.

Some links can be found from below:
http://www.gnucitizen.org/blog/hacking-the-interwebs
http://www.us-cert.gov/current/index.html#upnp_router_exploit
https://www.kb.cert.org/vuls/id/347812