Lucene search

[email protected]CVE-2016-1002

HistoryMar 12, 2016 - 3:59 p.m.

CVE-2016-1002

2016-03-1215:59:22

CWE-119

[email protected]

web.nvd.nist.gov

cve-2016-1002

adobe flash player

adobe air

memory corruption

arbitrary code execution

denial of service

unspecified vectors

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.806 High

EPSS

Percentile

98.3%

JSON

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1005.

Affected configurations

NVD

Node

adobeflash_playerRange≤20.0.0.306chrome

AND

applemac_os_xMatch-

googlechrome_osMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

Node

adobeairRange≤20.0.0.233

AND

googleandroidMatch-

Node

adobeair_sdkRange≤20.0.0.260

samsungx14j_firmwareMatcht-ms14jakucb-1102.5

AND

appleiphone_osMatch-

applemac_os_xMatch-

googleandroidMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange≤11.2.202.569

AND

linuxlinux_kernelMatch-

Node

adobeflash_player_desktop_runtimeRange≤20.2.2.306

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange≤20.0.0.306edge

AND

microsoftwindows_10Match-

Node

adobeflash_playerRange≤20.0.0.306internet_explorer

AND

microsoftwindows_10Match-

microsoftwindows_8.1Match-

Node

adobeair_desktop_runtimeRange≤20.0.0.260

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeair_sdk_\&_compilerRange≤20.0.0.260

AND

appleiphone_osMatch-

applemac_os_xMatch-

googleandroidMatch-

microsoftwindowsMatch-

CPENameOperatorVersion
adobe:flash_playeradobe flash playerle20.0.0.306

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	le	20.0.0.306

References

lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html

www.securityfocus.com/bid/84311

www.securitytracker.com/id/1035251

helpx.adobe.com/security/products/flash-player/apsb16-08.html

security.gentoo.org/glsa/201603-07

www.exploit-db.com/exploits/39608/

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.806 High

EPSS

Percentile

98.3%

JSON

Related for CVE-2016-1002

cve7 ubuntucve8 nvd8 cvelist8 prion8 zdt1 nessus14 suse4 openvas12 freebsd1 altlinux2 archlinux2 kaspersky2 redhat1 mageia1 checkpoint_advisories6 zdi1 hackerone1 gentoo1