CVE-2007-3456
Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.
Date published : 2007-07-11
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html