|Integer overflow in Adobe Flash Player 126.96.36.199 and earlier, and
188.8.131.52 and earlier, allows remote attackers to execute arbitrary
code via a crafted SWF file with a negative Scene Count value, which
passes a signed comparison, is used as an offset of a NULL pointer,
and triggers a buffer overflow.