This vulnerability is a use-after-free in ActionScript2 that occurs when creating a getter/setter property. Specifically, it is triggered by a crafted SWF file that defines a special callback function which forces re-allocation of an attribute array structure. Freeing the attribute array object leaves a dangling reference, and accessing it can trigger an access violation exception.
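The bug class described above, as an added example that is not code from the original page or from Flash Player: a callback that runs in the middle of a property write moves the attribute array, so a pointer cached before the callback would dangle, while the hardened setter keeps only the index and re-resolves it afterwards. All type and function names (`obj_t`, `add_attr`, `growing_setter`, `set_attr_safe`) and the generation counter are assumptions made for this model.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model (assumption, not Flash Player's real layout): growable attribute array. */
typedef struct { int value; } attr_t;
typedef struct obj {
    /* attrs moves when it grows; generation is bumped on every move */
    attr_t *attrs; size_t len, cap; unsigned generation;
    void (*setter)(struct obj *);   /* script-controlled callback */
} obj_t;

static int add_attr(obj_t *o, int v) {
    if (o->len == o->cap) {
        size_t ncap = o->cap ? o->cap * 2 : 1;
        attr_t *n = malloc(ncap * sizeof *n);
        if (!n) return -1;
        if (o->len) memcpy(n, o->attrs, o->len * sizeof *n);
        free(o->attrs);             /* pointers into the old array now dangle */
        o->attrs = n; o->cap = ncap; o->generation++;
    }
    o->attrs[o->len].value = v;
    return (int)o->len++;
}

/* Constructed stand-in for the crafted callback: adds attributes until the array moves. */
static void growing_setter(obj_t *o) {
    unsigned g = o->generation;
    while (o->generation == g) if (add_attr(o, 0) < 0) return;
}

/* Returns 1 if a pointer cached before the callback would be stale after it (never dereferenced). */
static int cached_pointer_goes_stale(obj_t *o) {
    unsigned before = o->generation;   /* point where unsafe code saves &attrs[i] */
    if (o->setter) o->setter(o);
    return o->generation != before;
}

/* Hardened form: keep the index, run the callback, then re-resolve and bounds-check. */
static int set_attr_safe(obj_t *o, size_t idx, int v) {
    if (o->setter) o->setter(o);
    if (idx >= o->len) return -1;
    o->attrs[idx].value = v; return 0;
}

int main(void) {
    obj_t o = {0}; o.setter = growing_setter; add_attr(&o, 1);
    int stale = cached_pointer_goes_stale(&o), rc = set_attr_safe(&o, 0, 42);
    printf("stale=%d rc=%d value=%d\n", stale, rc, o.attrs[0].value);
    free(o.attrs); return 0;
}
```

The same generation check can be compiled into debug builds as an assertion wherever a raw attribute pointer is held across a call that can run script.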