CVE-2016-1103

HIGH

Adobe Flash Player <=21.0.0.213 Raw 565 Texture Processing Overflow

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-1103. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Adobe Flash Player's ATF texture processing. The PoC involves loading a maliciously crafted file via LoadImage.swf, leading to potential remote code execution.

Description

Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · textdosmultiple
https://www.exploit-db.com/exploits/39826

This exploit targets a buffer overflow vulnerability in Adobe Flash Player's ATF texture processing. The PoC involves loading a maliciously crafted file via LoadImage.swf, leading to potential remote code execution.

Classification
Working Poc 80%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Flash Player
No auth needed
Prerequisites: Victim must load the malicious file via LoadImage.swf
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035827
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39826/
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-1079.html

Scores

CVSS v3 7.5
EPSS 0.3772
EPSS Percentile 98.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published
Products (4)
adobe/flash_player < 21.0.0.213
microsoft/edge
microsoft/internet_explorer 10
microsoft/internet_explorer 11
Published May 11, 2016
Tracked Since Feb 18, 2026