CVE-2016-1001

HIGH

Adobe Flash Player < 18.0.0.333, 19.x-21.x < 21.0.0.182 - Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-1001. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a heap overflow vulnerability in the Zlib codecs used by Adobe Flash when processing FLV files. The PoC involves loading a malicious FLV file via a SWF file to trigger the overflow, potentially leading to remote code execution.

Description

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/39609

View Code ZIP pw:eip

This exploit leverages a heap overflow vulnerability in the Zlib codecs used by Adobe Flash when processing FLV files. The PoC involves loading a malicious FLV file via a SWF file to trigger the overflow, potentially leading to remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Adobe Flash Player (specific version not specified)

No auth needed

Prerequisites: Victim must load the malicious SWF file with the crafted FLV file

MITRE ATT&CK