EIP-2026-103837

PRE-CVE

Adobe Flash Player 10.1.51 - Local File Access Information Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103837. PoCs published by lis cker.

AI-analyzed exploit summary This ActionScript code demonstrates an information disclosure vulnerability in Adobe Flash Player by reading local files and exfiltrating their Base64-encoded content to a remote server. It uses URLLoader to fetch file paths and content, then sends the data in chunks to an attacker-controlled endpoint.

Description

Adobe Flash Player 10.1.51 - Local File Access Information Disclosure

Exploits (1)

exploitdb WORKING POC VERIFIED

by lis cker · remotemultiple

https://www.exploit-db.com/exploits/33689

View Code ZIP pw:eip

This ActionScript code demonstrates an information disclosure vulnerability in Adobe Flash Player by reading local files and exfiltrating their Base64-encoded content to a remote server. It uses URLLoader to fetch file paths and content, then sends the data in chunks to an attacker-controlled endpoint.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Adobe Flash Player (unspecified version)

No auth needed

Prerequisites: Victim must execute the malicious SWF file · Attacker must control a server to receive exfiltrated data

MITRE ATT&CK

T1041 - Exfiltration Over C2 Channel T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026