CVE-2016-0959

Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before 20.0.0.267, Adobe Flash Player for Internet Explorer 10 and 11 before 20.0.0.267, Adobe Flash Player for Linux before 11.2.202.559, AIR Desktop Runtime before 20.0.0.233, AIR SDK before 20.0.0.233, AIR SDK & Compiler before 20.0.0.233, AIR for Android before 20.0.0.233.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2015-2697.html
https://bugzilla.redhat.com/show_bug.cgi?id=1294580	Issue Tracking Third Party Advisory
https://helpx.adobe.com/security/products/flash-player/apsb16-01.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:adobe:flash_player_extended_support_release:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:google:chrome_os:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 4 (hide)

AND

OR	cpe:2.3:a:adobe:flash_player::::::edge::*
	cpe:2.3:a:adobe:flash_player::::::internet_explorer::*

cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*

OR	cpe:2.3:o:microsoft:windows_8::::::::
	cpe:2.3:o:microsoft:windows_8.1::::::::

Configuration 6 (hide)

AND

cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 8 (hide)

AND

cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:google:android:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 9 (hide)

cpe:2.3:a:adobe:air:*:*:*:*:*:android:*:*

Configuration 10 (hide)

AND

cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:google:android:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

No history.

Information

Published : 2017-06-27 20:29

Updated : 2024-02-28 16:04

NVD link : CVE-2016-0959

Mitre link : CVE-2016-0959

CVE.ORG link : CVE-2016-0959

JSON object : View

Products Affected

apple

mac_os_x
iphone_os

adobe

flash_player_for_linux
air
flash_player
air_sdk_\&_compiler
air_sdk
flash_player_extended_support_release

microsoft

windows_8.1
windows
windows_10
windows_8

google

android
chrome_os

linux

linux_kernel

CWE

CWE-416

Use After Free

9.8 /10