|Integer overflow in Adobe Flash Player 22.214.171.124 and earlier, and
126.96.36.199 and earlier, allows remote attackers to execute arbitrary
code via a crafted SWF file with a negative Scene Count value, which
passes a signed comparison, is used as an offset of a NULL pointer,
and triggers a buffer overflow.