Lucene search

[email protected]CVE-2016-0959

HistoryJun 27, 2017 - 8:29 p.m.

CVE-2016-0959

2017-06-2720:29:00

CWE-416

[email protected]

web.nvd.nist.gov

cve-2016-0959

adobe flash player

use after free

vulnerability

security issue

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.4%

JSON

Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before 20.0.0.267, Adobe Flash Player for Internet Explorer 10 and 11 before 20.0.0.267, Adobe Flash Player for Linux before 11.2.202.559, AIR Desktop Runtime before 20.0.0.233, AIR SDK before 20.0.0.233, AIR SDK & Compiler before 20.0.0.233, AIR for Android before 20.0.0.233.

Affected configurations

NVD

Node

adobeflash_playerRange≤20.0.0.235

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeflash_player_extended_support_releaseRange≤18.0.0.268

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange≤20.0.0.228chrome

AND

applemac_os_xMatch-

googlechrome_osMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange≤20.0.0.228edge

adobeflash_playerRange≤20.0.0.228internet_explorer

AND

microsoftwindows_10

Node

adobeflash_playerRange≤20.0.0.228internet_explorer

AND

microsoftwindows_8

microsoftwindows_8.1

Node

adobeflash_player_for_linuxRange≤11.2.202.554

AND

linuxlinux_kernelMatch-

Node

adobeairRange≤20.0.0.204

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeair_sdk_\&_compilerRange≤20.0.0.204

AND

appleiphone_os

applemac_os_xMatch-

googleandroidMatch-

microsoftwindowsMatch-

Node

adobeairRange≤20.0.0.204android

Node

adobeair_sdkRange≤20.0.0.204

AND

appleiphone_os

applemac_os_xMatch-

googleandroidMatch-

microsoftwindowsMatch-

CPENameOperatorVersion
adobe:flash_playeradobe flash playerle20.0.0.235

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	le	20.0.0.235

References

rhn.redhat.com/errata/RHSA-2015-2697.html

bugzilla.redhat.com/show_bug.cgi?id=1294580

helpx.adobe.com/security/products/flash-player/apsb16-01.html

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.4%

JSON

Related for CVE-2016-0959

ubuntucve1 prion1 nvd1 cvelist1 checkpoint_advisories1 nessus5 openvas7 redhat1