cbcvebase.
CVE-2016-1101
published 2016-05-11

CVE-2016-1101: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and…

PriorityP262high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EXPLOIT
EPSS
37.72%
98.4th percentile
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

Affected

3 ranges
VendorProductVersion rangeFixed in
adobeflash_player<= 21.0.0.213
microsoftinternet_explorer
microsoftinternet_explorer

Detection & IOCsextracted from sources · hover to see the quote

urlhttps://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39827.zip
  • Heap overflow triggered during ATF image parsing when loading a crafted file into a Bitmap object via LoadImage.swf; monitor for Flash Player loading ATF-format images via suspicious query parameters.
  • ·The vulnerability details and attack vectors are officially listed as unspecified/unknown by the vendor; detection must rely on behavioral and PoC-derived indicators rather than confirmed payload signatures.

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.