This vulnerability is an instance of a use after free vulnerability in the ActionScript2 NetStream class. Specifically, the vulnerability is triggered by a crafted SWF file where a custom ActionScript2 object is extended from another custom ActionScript2 object, which is in turn extended form the NetStream class. The calls to the super method lead to a dangling referene. It can trigger access violation exception because of a dangling reference left as a consequence of freeing a NetStream object due to two calls ro the super method. |