CVE-2009-3796
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."
Date published : 2009-12-10
http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html