A vulnerability was found in ShockWave that would allow remote code execution.
The vulnerability details below was taken from Zero Day Initiative
This specific flaw exists within the ActiveX control with CLSID 166B1BCA-3F9C-11CF-8075-444553540000. Specifying large values for two specific parameters to this control results in an exploitable stack based buffer overflow. Due to the nature of this vulnerability, the target user is not required to have fully completed an installation of Shockwave to be vulnerable.
Adobe has already been infrormed and has already fixed the issue with the installer.
The advisory made by Zero Day Initiative can be found here.