EIP-2026-114861

PRE-CVE

Adobe Flash MovieClip.attachMovie - Use-After-Free

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114861. PoCs published by Google Security Research.

AI-analyzed exploit summary: This exploit leverages a use-after-free vulnerability in Adobe Flash's MovieClip.attachMovie method. By redefining valueOf or toString methods, an attacker can trigger arbitrary code execution during object cleanup, leading to potential remote code execution (RCE).

Description

Adobe Flash MovieClip.attachMovie - Use-After-Free

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · text · dos · windows
https://www.exploit-db.com/exploits/39055

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Adobe Flash Player (version not specified)
No auth needed
Prerequisites: Victim must open a malicious SWF file · Adobe Flash Player must be installed and vulnerable
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026