A vulnerability in the Afk arena application allows attackers to exploit the vulnerability.
The attack is triggered when a malicious user logs in with the AfK Arena login credential, which can then be used to bypass authentication and execute arbitrary code in a web browser.
The exploit is designed to exploit CVE-2016-0296, which was reported to the NSA in March 2016, according to researchers at Cisco.
The vulnerability is a local privilege escalation vulnerability in that the Afks Arena application can be used by the attacker to bypass the sandbox security of the browser.
This allows attackers the ability to perform system administrator, web server, and application execution on the affected machine.
The issue is not a stand-alone exploit.
It is triggered by an application that connects to the Afktive server, which has a remote access permission.
The attackers can then inject a specially crafted user agent string that is passed to the browser when the user is logged in, the researchers wrote.
The attacker can then use this string to execute arbitrary commands on the machine.
This vulnerability is fixed in the latest version of the Afltive client and can be mitigated by installing the latest Apache, Ruby, and Java.