The Shockwave 3d Asset module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
http://www.vupen.com/english/advisories/2011/0335
http://www.securitytracker.com/id?1025056
http://www.securityfocus.com/bid/46338
http://www.kb.cert.org/vuls/id/189929
http://www.adobe.com/support/security/bulletins/apsb11-01.html