II. Description
When ASnative(101,10) is called with a MovieClip object pointer, Flash Player is crashed due to an invalid EIP value. Carefully crafted swf file may allow the attacker to hijack the EIP, leading to shellcode execution in the context of affected application.
IV. Credit
Wen Guanxing from Venustech ADLAB is credited for this vulnerability.
It has been assigned as CVE-2016-0981 by Adobe.
https://helpx.adobe.com/security/products/flash-player/apsb16-04.html