I. Summary
Adobe Flash Player is prone to a vulnerability which leads to Use-After-Free.
II. Description
If ASnative(900,1) is invoked with a TextField instance and getter properties associated with swfRoot, where the getter method includes a call to removeTextField(), the TextField instance is used after it is freed.
The zip attachment contains crash.swf and its source code. The latest version of Adobe Flash Player, 126.96.36.1997, has been tested under Windows 7.
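
A C model of the re-entrancy pattern described above, with the native routine hardened by pinning the object across the getter call and re-checking it afterwards. This is an added example, not code from the advisory or from Adobe; `Field`, `field_remove`, `native_apply` and the getters are hypothetical names, and the refcount scheme is an assumption used for illustration.

```c
#include <stdlib.h>

/* Constructed model, not Flash Player source: a refcounted host object
   whose property reads can run script-defined getters. */
typedef struct Field { int refs; int attached; int width; } Field;
typedef int (*getter_fn)(Field *self);
static int destroyed;                 /* number of objects actually freed */

static Field *field_new(void) {
    Field *f = calloc(1, sizeof *f);
    if (!f) abort();
    f->refs = 1; f->attached = 1;     /* one reference held by the display list */
    return f;
}
static void field_release(Field *f) {
    if (--f->refs == 0) { destroyed++; free(f); }
}
/* Stands in for removeTextField(): detach and drop the display list's ref. */
static void field_remove(Field *f) {
    if (f->attached) { f->attached = 0; field_release(f); }
}
/* Getter that re-enters the host and removes the object it was called on. */
static int removing_getter(Field *self) { field_remove(self); return 7; }
static int plain_getter(Field *self) { (void)self; return 7; }

/* Hardened native: pin the object across the callback, then re-validate.
   Without the pin, f would be freed inside get() and every later use of f
   in this function would touch freed memory. */
static int native_apply(Field *f, getter_fn get) {
    int rc = -1;
    f->refs++;                        /* pin: callback cannot drop the last ref */
    int v = get(f);                   /* script-controlled code runs here */
    if (f->attached) {                /* state may have changed under us */
        f->width = v;
        rc = 0;
    }
    field_release(f);                 /* unpin; frees now if it was removed */
    return rc;
}
/* Returns native_apply's result and tears the object down exactly once. */
static int demo(getter_fn g) {
    Field *f = field_new();
    int rc = native_apply(f, g);
    if (rc == 0) field_remove(f);     /* normal teardown when still attached */
    return rc;
}
int main(void) {
    return (demo(plain_getter) == 0 && demo(removing_getter) == -1) ? 0 : 1;
}
```

Building the model with AddressSanitizer (`-fsanitize=address`) and deleting the pin in `native_apply` makes the use of freed memory visible as a sanitizer report.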
III. Impact
Use-After-Free
IV. Credit
Wen Guanxing from Venustech ADLAB is credited for this vulnerability.
Adobe has assigned it CVE-2016-0983: https://helpx.adobe.com/security/products/flash-player/apsb16-04.html