Simon Choi

**Name of the Vulnerable Software and Affected Versions** Adobe Flash Player versions prior to 28.0.0.161 **Description** The issue is related to a use-after-free vulnerability, which occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. This can allow a remote attacker to execute arbitrary code using a specially crafted document or web page with malicious Flash content. The vulnerability was exploited in the wild in January and February 2018. **Recommendations** For Adobe Flash Player versions prior to 28.0.0.161, update to version 28.0.0.161 or later to resolve the issue. As a temporary workaround, consider disabling the use of Flash content in web pages until a patch is applied. Restrict access to Flash-based modules to minimize the risk of exploitation. Avoid using Flash-based documents or web pages with untrusted or unknown sources until the issue is resolved.