cbcvebase.
CVE-2016-1103
published 2016-05-11

CVE-2016-1103: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and…

PriorityP262high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EXPLOIT
EPSS
37.72%
98.4th percentile
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

Affected

3 ranges
VendorProductVersion rangeFixed in
adobeflash_player<= 21.0.0.213
microsoftinternet_explorer
microsoftinternet_explorer

Detection & IOCsextracted from sources · hover to see the quote

urlhttps://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39826.zip
  • Exploit triggers via a crafted ATF (Adobe Texture Format) file loaded through LoadImage.swf with a malicious 'img' query parameter (e.g., ?img=70), causing an overflow in raw 565 texture processing.
  • The vulnerability is an overflow in ATF (Adobe Texture Format) processing specifically when handling raw 565 (RGB565) texture data; monitor Flash Player processing of ATF files with 565 texture types.
  • ·Affected versions are Adobe Flash Player 21.0.0.213 and earlier, including Flash libraries embedded in Microsoft Internet Explorer 10, IE 11, and Microsoft Edge.

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.