This is a quintessential example of why it's a very bad thing for the NSA to hoard zero-days. It's easy to forget that the black hats are looking for zero days too, and the fact that you've found an undisclosed vulnerability doesn't mean that that you're the the only one to have found this vulnerability, or even that you're the first one.<p>In the example from the article, it's likely that the black hats found the zero day first, and were in the process of updating their attack toolkits when the Project Zero team came across the issue and notified Adobe. If it had been the NSA that found this issue, no one would have been notified, and the black hats would have had days or weeks to refine their attacks before a patch was issued.
I'm no security researcher, but the proof of concept looks like there just exists this API where you get to set a memory address and call from a limited pool of functions. Based on that observation, this hardly seems like an exploit--it looks like "as designed". What made Adobe/Macromedia/whoever originally decide that this interface was "secure"? Am I missing something?