Lucene search

AdobeCVE-2016-0990

HistoryMar 12, 2016 - 3:59 p.m.

CVE-2016-0990

2016-03-1215:59:10

CWE-416

adobe

web.nvd.nist.gov

cve

adobe flash player

vulnerability

arbitrary code execution

security advisory

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.904

Percentile

98.8%

JSON

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.

Affected configurations

Nvd

Node

adobeflash_playerRange≤20.0.0.306chrome

AND

applemac_os_xMatch-

googlechrome_osMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

Node

adobeairRange≤20.0.0.233

AND

googleandroidMatch-

Node

adobeair_sdkRange≤20.0.0.260

samsungx14j_firmwareMatcht-ms14jakucb-1102.5

AND

appleiphone_osMatch-

applemac_os_xMatch-

googleandroidMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange≤11.2.202.569

AND

linuxlinux_kernelMatch-

Node

adobeflash_player_desktop_runtimeRange≤20.2.2.306

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange≤20.0.0.306edge

AND

microsoftwindows_10Match-

Node

adobeflash_playerRange≤20.0.0.306internet_explorer

AND

microsoftwindows_10Match-

microsoftwindows_8.1Match-

Node

adobeair_desktop_runtimeRange≤20.0.0.260

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeair_sdk_\&_compilerRange≤20.0.0.260

AND

appleiphone_osMatch-

applemac_os_xMatch-

googleandroidMatch-

microsoftwindowsMatch-

VendorProductVersionCPE
adobeflash_player*cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*
applemac_os_x-cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
googlechrome_os-cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
adobeair*cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
googleandroid-cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
adobeair_sdk*cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*
samsungx14j_firmwaret-ms14jakucb-1102.5cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:*
appleiphone_os-cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	flash_player	*	cpe:2.3:a:adobe:flash_player::::::chrome::*
apple	mac_os_x	-	cpe:2.3:o:apple:mac_os_x:-:::::::*
google	chrome_os	-	cpe:2.3:o:google:chrome_os:-:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
adobe	air	*	cpe:2.3:a:adobe:air::::::::
google	android	-	cpe:2.3:o:google:android:-:::::::*
adobe	air_sdk	*	cpe:2.3:a:adobe:air_sdk::::::::
samsung	x14j_firmware	t-ms14jakucb-1102.5	cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:::::::*
apple	iphone_os	-	cpe:2.3:o:apple:iphone_os:-:::::::*