The host is missing an important security update according to Adobe advisory, APSB16-09. The update is required to fix multiple cross-site scripting (XSS) vulnerabilities. The flaws are present in the application, which fails to handle vectors involving viewer.swf and loadflash.js. Successful exploitation allows attackers to inject arbitrary web script or HTML.