Integer overflow in Adobe Shockwave Player prior to 11.5.7.609 might allow remote malicious users to execute arbitrary code via a crafted .dir (aka Director) file.
adobe shockwave_player