CVE-2016-1105
published 2016-05-11
CVE-2016-1105: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and…
Priority P262 · high · 7.5 (CVSS 3.0)
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 37.72% (98.4th percentile)
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | flash_player | <= 21.0.0.213 | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Detection & IOCs (extracted from sources)
- Type confusion is triggered via a watch() callback on the FileReference constructor property 'name'. Monitor ActionScript watch() calls on FileReference objects combined with prototype chain manipulation (__proto__ reassignment) as an exploitation pattern.
- The exploit abuses ASnative(2204, 200) to invoke the FileReference constructor directly. ASnative calls with the arguments 2204 and 200 in SWF bytecode are a strong indicator of exploitation.
- Prototype chain hijacking to the flash.display.BitmapData constructor is used to set up the type confusion. Look for __proto__.__constructor__ being set to flash.display.BitmapData within a watch callback.
- The vulnerability affects Adobe Flash Player 21.0.0.213 and earlier; the exact attack vector is officially listed as unspecified by Adobe/NVD.
- The type confusion occurs because the FileReference constructor sets properties before finalizing object type/data. A watch on those properties allows attacker code to run mid-construction, meaning exploitation is GC-triggered and timing-dependent.
CVSS provenance
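| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| vendor_redhat | | 7.5 | HIGH | |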
GHSA
GHSA-qm8m-qh29-47xv: Unspecified vulnerability in Adobe Flash Player 21
ghsa_unreviewed·2022-05-14
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-15
vendor_redhat·2016-05-10·CVSS 7.5
No detection rules found.
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
- http://packetstormsecurity.com/files/137056/Adobe-Flash-FileReference-Type-Confusion.html
- http://rhn.redhat.com/errata/RHSA-2016-1079.html
- http://www.securitytracker.com/id/1035827
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-064
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- https://www.exploit-db.com/exploits/39829/