A security engineer has found a way to get around Flash Player’s sandbox. The sandbox allows a Shockwave Flash (SWF) file to read local files but not send data over the network. Adobe limits requests to local IP addresses and hostnames, but also blacklists some protocol handlers. An Adobe spokeswoman said the company has reviewed the blog post and logged a bug, classifying it as a “moderate” risk. An attacker would first need to gain access to the user’s system to place a malicious SWF file in a directory.”]
Source: https://www.csoonline.com/article/2126613/security-researcher-finds-way-around-flash-sandbox.html