Integer overflow in the CursorAsset x32 component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.
http://www.us-cert.gov/cas/techalerts/TA11-166A.html
http://www.adobe.com/support/security/bulletins/apsb11-17.html