II. Description
Adobe Flash is a multimedia and software platform used for authoring of vector graphics, animation, games and rich Internet applications (RIAs) that can be viewed, played and executed in Adobe Flash Player.
Normally, configure() should validates its parameter and returns error in AS3 level if anything goes wrong.
If configure() function is invoked directly with invalid parameter, some inner class instance will be absent, which will cause a memory crash.
III. Credit
Wen Guanxing from Pangu LAB is credited for this vulnerability.
It has been assigned by Adobe as CVE-2016-4152.
https://helpx.adobe.com/security/products/flash-player/apsb16-18.html