Dutch researcher Bjorn Ruytenberg disclosed details after Adobe updated the soon-to-be-departure Flash Player on Tuesday to version 26. He found the update failed to address the vulnerability locally if networking was enabled, or remotely. The vulnerability would allow an attacker to connect a compromised computer to an attacker s remote Windows SMB server. The attack works only on Internet Explorer and Firefox; Chrome and Microsoft Edge are not affected, he said. Adobe addressed the vulnerability, CVE-2017-3085, Tuesday.
Source: https://threatpost.com/patched-flash-player-sandbox-escape-leaked-windows-credentials/127378/