CVE-2016-1104
published 2016-05-11


Priority: P2 (63) · Severity: high · CVSS 3.0: 7.5
CVSS 3.0 vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploit: yes
EPSS: 39.65% (98.4th percentile)
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

Affected (11 ranges)

Vendor     | Product                      | Version range   | Fixed in
adobe      | air_desktop_runtime          | <= 21.0.0.198   |
adobe      | air_sdk                      | <= 21.0.0.198   |
adobe      | air_sdk_compiler             | <= 21.0.0.198   |
adobe      | flash_player                 | <= 21.0.0.241   |
adobe      | flash_player                 | <= 18.0.0.343   |
adobe      | flash_player                 | <= 11.2.202.616 |
adobe      | flash_player                 | <= 21.0.0.216   |
adobe      | flash_player                 | <= 21.0.0.213   |
adobe      | flash_player_desktop_runtime | <= 21.0.0.226   |
microsoft  | internet_explorer            |                 |
microsoft  | internet_explorer            |                 |

Detection & IOCs (extracted from sources)

url: http://127.0.0.1/LoadImage.swf?img=70
filename: LoadImage.swf
  • Look for SWF files being served with query parameters referencing image indices (e.g., ?img=<integer>), which matches the PoC delivery pattern for this out-of-bounds read vulnerability.
  • The vulnerability is an out-of-bounds read triggered when Adobe Flash Player processes a corrupt/malformed image placed via a SWF file; inspect Flash content loading external image resources for anomalous memory read patterns.
  • Flag Adobe Flash Player versions 21.0.0.213 and earlier (Windows/IE/Edge context) as vulnerable; presence of flash-plugin below the patched thresholds (18.0.0.352 / 21.0.0.242 on Win/OSX, 11.2.202.621 on Linux) should trigger an alert.
  • CVE-2016-1104 is listed as one of multiple distinct memory-corruption vulnerabilities sharing the same affected Flash Player version range; detections based solely on version will not differentiate between the 17 related CVEs patched in APSB16-15 / MS16-064.
  • The attack vectors and impact for CVE-2016-1104 specifically (as used in IE10/11 and Edge) are officially unspecified, limiting the ability to craft precise behavioral detections beyond version checks.
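As an added example (not from this record's sources), the version-threshold rule in the third point above as a branch-aware check: a build is compared against the first fixed build quoted for its release branch and platform, and branches the notes give no threshold for (such as 20.x) are reported as unknown rather than guessed. Platform names and the sample inventory are constructed for illustration.

```python
"""Flag Flash Player builds below the APSB16-15 / MS16-064 fixed versions.

Added example, not from the CVE record's sources. Threshold values are the
patched builds quoted in the detection notes; platform names and the sample
inventory are constructed.
"""
from typing import Optional

# First fixed build per release branch, keyed by platform (from the notes above).
FIXED_BUILDS = {
    "windows": {21: (21, 0, 0, 242), 18: (18, 0, 0, 352)},
    "osx":     {21: (21, 0, 0, 242), 18: (18, 0, 0, 352)},
    "linux":   {11: (11, 2, 202, 621)},
}

def parse_version(text: str) -> tuple:
    """Turn '21.0.0.213' into (21, 0, 0, 213); reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Flash Player version: {text!r}")
    return tuple(int(p) for p in parts)

def is_vulnerable(version: str, platform: str) -> Optional[bool]:
    """True if the build predates the fix for its branch, False if patched,
    None if no threshold is quoted for this platform/branch (do not guess)."""
    v = parse_version(version)
    branches = FIXED_BUILDS.get(platform.lower())
    if branches is None:
        return None
    fixed = branches.get(v[0])
    if fixed is None:
        return None          # e.g. 20.x builds: no threshold in the notes
    return v < fixed         # tuple comparison is component-wise, numeric

def scan(inventory):
    """Return (host, version) pairs whose Flash build should raise an alert."""
    return [(host, ver) for host, plat, ver in inventory
            if is_vulnerable(ver, plat) is True]

# Constructed sample inventory: (host, platform, flash_version)
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "21.0.0.213"),    # version named in the CVE text
    ("ws-02", "windows", "21.0.0.242"),    # first fixed build, 21 branch
    ("ws-03", "osx",     "18.0.0.343"),    # extended-support branch, unpatched
    ("srv-04", "linux",  "11.2.202.621"),  # fixed Linux build
    ("ws-05", "windows", "20.0.0.306"),    # branch with no quoted threshold
]

if __name__ == "__main__":
    for host, ver in scan(SAMPLE_INVENTORY):
        print(f"ALERT {host}: Flash Player {ver} predates the APSB16-15 fix")
```

A version match alone cannot tell CVE-2016-1104 apart from the other CVEs fixed in the same release, so treat a hit as "unpatched Flash", not as evidence of this specific bug.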

CVSS provenance

Source        | Version | Score | Severity | Vector
nvd           | v3.0    | 7.5   | HIGH     | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd           | v2.0    | 7.6   | HIGH     | AV:N/AC:H/Au:N/C:C/I:C/A:C
osv           |         | 7.5   | HIGH     |
vendor_redhat |         | 7.5   | HIGH     |