CVE-2016-0967

HIGH

Adobe Flash Player <18.0.0.329,19.x,20.x - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-0967. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a stack corruption vulnerability in Adobe Flash Player when processing a malformed FLV file. The PoC requires loading a specifically crafted SWF file that references the malicious FLV, leading to potential remote code execution.

Description

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · textdosmultiple
https://www.exploit-db.com/exploits/39466

This exploit leverages a stack corruption vulnerability in Adobe Flash Player when processing a malformed FLV file. The PoC requires loading a specifically crafted SWF file that references the malicious FLV, leading to potential remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Flash Player (versions affected by CVE-2016-0967)
No auth needed
Prerequisites: Remote server to host the malicious SWF and FLV files · Victim interaction to load the SWF file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39466/
Broken Link, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034970
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201603-07
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0166.html
Broken Link, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html
Broken Link, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html
Broken Link, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html

Scores

CVSS v3 8.8
EPSS 0.2059
EPSS Percentile 97.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (8)
adobe/air_desktop_runtime < 20.0.0.233
adobe/air_sdk < 20.0.0.233
adobe/air_sdk_\&_compiler < 20.0.0.233
adobe/flash_player < 11.2.202.559
adobe/flash_player < 18.0.0.326
adobe/flash_player < 20.0.0.272 (2 CPE variants)
adobe/flash_player < 20.0.0.286
adobe/flash_player_desktop_runtime < 20.0.0.286
Published Feb 10, 2016
Tracked Since Feb 18, 2026