Adobe Flash Player is prone to a race condition vulnerability which leads to Use After Free. COM Object will be initialized twice and uninitialized when the count number decrement to zero by the main thread. As we could force the second initialization being called by a Worker thread, the uninitialization will come ahead of time. Instuctions afterwards that are accessing the DLL (related to the COM Object) will lead to a Use-After-Free.
Identified as CVE-2015-3103: https://helpx.adobe.com/security/products/flash-player/apsb15-11.html