Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.
https://exchange.xforce.ibmcloud.com/vulnerabilities/78866
http://www.vupen.com/english/services/ba-index.php
http://www.adobe.com/support/security/bulletins/apsb12-19.html