CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.043 Low
Percentile: 91.3%

Sending messages between workers while the animation is reloaded can cause an object to be freed while a reference to it remains in memory. An attacker can use this issue to control EIP and potentially execute arbitrary code.
Identified as CVE-2015-0320, and reported to Adobe via Chrome VRP:
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Original report with proof of concept showing how to control EIP:
https://code.google.com/p/chromium/issues/detail?id=437441