GNUCITIZEN posted more information and a good FAQ about the dangers of UPnP and the Flash UPnP attack that they describe.
From the FAQ:
Nevertheless, UPnP is useless, right?
Wrong! UPnP hacking is an extremely serious discipline which often leads to a catastrophic effect. The following is possible with UPnP:
* portforward internal services (ports) to the router external facing side (a.k.a poking holes into your firewall and/or network)
* portforward the router web administration interface to the external facing side.
* port forwarding to any external server located on the Internet, effectively turning your router into a zombie: the attacker can attack an Internet host via your router, thus hiding their IP address (not all routers are affected by this, but most are)
* change the DNS server settings so that next time when the victim visits bank.com, they actually end up on evil.com masquerading as bank.com
* change the DNS server settings so that the next time when the victim updates their favorite Firefox extensions, they will end up downloading evil code from evil.com which will root their system.
* reset/change the administrative credentials
* reset/change the PPP settings
* reset/change the IP settings for all interfaces
* reset/change the WiFi settings
* terminate the connection
And these are just a small portion of the things you can do over UPnP.
If you have no need for UPnP…turn it off and disable it in your router!
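
To see what UPnP has already opened on a router, its port-mapping table can be checked against the first three items in the FAQ list. This is an added example, not code from GNUCITIZEN or the original post; the LAN subnet, router address, admin ports and sample entries are constructed assumptions, and the field names follow the UPnP IGD `GetGenericPortMappingEntry` output arguments.

```python
import ipaddress

# Assumptions for this example (not from the original post):
LAN = ipaddress.ip_network("192.168.1.0/24")   # home LAN subnet
ROUTER = ipaddress.ip_address("192.168.1.1")   # router's LAN address
ADMIN_PORTS = {80, 443, 8080}                  # common web-admin ports

def audit_mapping(entry):
    """Return a list of findings for one IGD port-mapping entry (a dict)."""
    if entry.get("NewEnabled", "1") != "1":
        return []  # a disabled mapping forwards nothing
    try:
        client = ipaddress.ip_address(entry["NewInternalClient"])
    except ValueError:
        return ["unparseable internal client: %r" % entry["NewInternalClient"]]
    port = int(entry["NewInternalPort"])
    if client not in LAN:
        findings = ["forwards to a host outside the LAN (router used as relay)"]
    elif client == ROUTER and port in ADMIN_PORTS:
        findings = ["exposes the router administration interface"]
    else:
        findings = ["exposes internal service %s:%d" % (client, port)]
    # A lease duration of 0 requests a static mapping in IGD v1.
    if entry.get("NewLeaseDuration", "0") == "0":
        findings.append("static mapping (lease duration 0)")
    return findings

def audit_table(entries):
    """Map 'PROTO/external-port' to the findings for each flagged entry."""
    report = {}
    for e in entries:
        found = audit_mapping(e)
        if found:
            report["%s/%s" % (e["NewProtocol"], e["NewExternalPort"])] = found
    return report

def row(proto, ext, client, port, enabled="1", lease="0"):
    return {"NewProtocol": proto, "NewExternalPort": ext, "NewInternalClient": client,
            "NewInternalPort": port, "NewEnabled": enabled, "NewLeaseDuration": lease}

# Constructed sample table, as it might be read back from a router.
SAMPLE = [
    row("TCP", "8080", "192.168.1.1", "80"),                 # admin UI exposed
    row("TCP", "2222", "192.168.1.50", "22", lease="3600"),  # internal SSH exposed
    row("TCP", "8443", "203.0.113.10", "443"),               # relay to Internet host
    row("UDP", "5000", "192.168.1.20", "5000", enabled="0"), # disabled, ignored
]

if __name__ == "__main__":
    for key, found in audit_table(SAMPLE).items():
        print(key, "->", "; ".join(found))
```
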
