CVE-2016-1104

HIGH

Adobe Flash Player <=21.0.0.213 Object Placing - Out-of-Bounds Read

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-1104. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates an out-of-bounds read vulnerability in Adobe Flash Player when loading a corrupt image. The PoC requires hosting two files on a server and accessing a specific URL to trigger the issue.

Description

Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/39825

View Code ZIP pw:eip

This exploit demonstrates an out-of-bounds read vulnerability in Adobe Flash Player when loading a corrupt image. The PoC requires hosting two files on a server and accessing a specific URL to trigger the issue.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Theoretical

Target: Adobe Flash Player

No auth needed

Prerequisites: Hosting the provided files on a server · Access to the target's browser to load the malicious URL

devstral-2 · analyzed Feb 16, 2026 Full analysis →