This is probably not a 100% valid Stack Exchange answer as I cannot provide the full solution but I think it's better to post this than nothing.

There is a patch from Enterprise Support which solves the issue. I'm not allowed to publish the patch but if you are an Enterprise Customer you could ask for the patch as it is also compatible with some CE versions.

Here is some information which I hope I can share without getting in trouble:

The patch deletes two SWF files and modifies the uploader SWFs.

I was told the patch provided is compatible with these CE versions:

1.4.*, 1.5.0.1, 1.6.0.0, 1.6.1.0, 1.7.0.0, 1.7.0.2, 1.8.0.0

Furthermore it is compatible with all EE versions < 1.14.0.0 so I guess the patch is included in EE 1.14. It would make sense that it's also included in CE 1.9 then.

[Update] I was informed by the support that the patch has been incorporated into CE 1.9.1. So the solution should be to either update to CE 1.9.1.0 or request this patch from Magento directly.