CVE-2016-0985

HIGH

Adobe Flash Player <18.0.0.329-20.0.0.306 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-0985. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a type confusion vulnerability in the TextField constructor in Adobe Flash (AS3). By catching an exception during object creation, an attacker can manipulate the backing object's type, leading to arbitrary memory manipulation.

Description

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/39461

View Code ZIP pw:eip

This exploit leverages a type confusion vulnerability in the TextField constructor in Adobe Flash (AS3). By catching an exception during object creation, an attacker can manipulate the backing object's type, leading to arbitrary memory manipulation.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Adobe Flash Player (versions affected by CVE-2016-0985)

No auth needed

Prerequisites: Victim must execute a malicious SWF file

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9

Core References

Broken Link, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1034970

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/39461/

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201603-07

Third Party Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2016-0166.html

Broken Link, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html

Broken Link, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html

Patch, Vendor Advisory x_refsource_confirm

https://helpx.adobe.com/security/products/flash-player/apsb16-04.html

Broken Link, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html

Scores

CVSS v3 8.8

EPSS 0.2727

EPSS Percentile 97.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-843

Status published

Products (8)

adobe/air_desktop_runtime < 20.0.0.233

adobe/air_sdk < 20.0.0.233

adobe/air_sdk_\&_compiler < 20.0.0.233

adobe/flash_player < 11.2.202.559

adobe/flash_player < 18.0.0.326

adobe/flash_player < 20.0.0.272 (2 CPE variants)

adobe/flash_player < 20.0.0.286

adobe/flash_player_desktop_runtime < 20.0.0.286

Published Feb 10, 2016

Tracked Since Feb 18, 2026