|Integer overflow in Adobe Flash Player 188.8.131.52 and earlier, and
184.108.40.206 and earlier, allows remote attackers to execute arbitrary
code via a crafted SWF file with a negative Scene Count value, which
passes a signed comparison, is used as an offset of a NULL pointer,
and triggers a buffer overflow.