Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneHhj4ckH1:119652
HistoryMar 01, 2016 - 7:57 a.m.

Internet Bug Bounty: Adobe Flash Player ASnative(101,10) Memory Corruption Vulnerability

2016-03-0107:57:50
hhj4ck
hackerone.com
20

0.012 Low

EPSS

Percentile

85.2%

JSON

I. Summary
Adobe Flash Player is prone to a vulnerability which leads to Memory Corruption.

II. Description
When ASnative(101,10) is called with a MovieClip object pointer, Flash Player is crashed due to an invalid EIP value. Carefully crafted swf file may allow the attacker to hijack the EIP, leading to shellcode execution in the context of affected application.

Lastest version of Adobe Flash Player 20.0.0.267 has been tested under Windows 7.

III. Impact
Memory Corruption

IV. Credit
Wen Guanxing from Venustech ADLAB is credited for this vulnerability.

It has been assigned as CVE-2016-0981 by Adobe.
https://helpx.adobe.com/security/products/flash-player/apsb16-04.html

Related

checkpoint_advisories 1
cve 14
ubuntucve 14
prion 14
nvd 14
cvelist 14
freebsd 1
nessus 12
kaspersky 2
openvas 12
suse 4
altlinux 2
mageia 1
redhat 1
gentoo 1
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Memory Corruption (APSB16-04: CVE-2016-0981)
2016-02-14 00:00:00
cve
cve
CVE-2016-0967
2016-02-10 20:59:14
CVE-2016-0969
2016-02-10 20:59:16
CVE-2016-0972
2016-02-10 20:59:20
ubuntucve
ubuntucve
CVE-2016-0981
2016-02-10 00:00:00
CVE-2016-0977
2016-02-10 00:00:00
CVE-2016-0980
2016-02-10 00:00:00
prion
prion
Memory corruption
2016-02-10 20:59:00
Memory corruption
2016-02-10 20:59:00
Memory corruption
2016-02-10 20:59:00
nvd
nvd
CVE-2016-0967
2016-02-10 20:59:14
CVE-2016-0970
2016-02-10 20:59:17
CVE-2016-0972
2016-02-10 20:59:20
cvelist
cvelist
CVE-2016-0978
2016-02-10 20:00:00
CVE-2016-0965
2016-02-10 20:00:00
CVE-2016-0964
2016-02-10 20:00:00
freebsd
freebsd
flash -- multiple vulnerabilities
2016-02-09 00:00:00
nessus
nessus
FreeBSD : flash -- multiple vulnerabilities (5d8e56c3-9e67-4d5b-81c9-3a409dfd705f)
2016-02-11 00:00:00
openSUSE Security Update : flash-player (openSUSE-2016-183)
2016-02-11 00:00:00
openSUSE Security Update : flash-player (openSUSE-2016-186)
2016-02-12 00:00:00
kaspersky
kaspersky
KLA10758 Obsolete Adobe Flash Player for Windows
2016-02-09 00:00:00
KLA10756 Arbitrary code execution in Adobe Flash Player & AIR
2016-02-09 00:00:00
openvas
openvas
Adobe Air Multiple Vulnerabilities (Feb 2016) - Mac OS X
2016-02-12 00:00:00
Adobe Flash Player Multiple Vulnerabilities -01 (Feb 2016) - Linux
2016-02-10 00:00:00
Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (3135782)
2017-03-18 00:00:00
suse
suse
Security update for flash-player (important)
2016-02-10 13:11:33
Security update for flash-player (important)
2016-02-10 13:12:35
Security update for flash-player (important)
2016-02-10 22:11:01
altlinux
altlinux
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt59
2016-02-11 00:00:00
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt59
2016-02-11 00:00:00
mageia
mageia
Updated flash-player-plugin packages fix security vulnerabilities
2016-02-09 22:05:34
redhat
redhat
(RHSA-2016:0166) Critical: flash-plugin security update
2016-02-10 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2016-03-12 00:00:00

0.012 Low

EPSS

Percentile

85.2%

JSON
Related for H1:119652
checkpoint_advisories1cve14ubuntucve14prion14nvd14cvelist14freebsd1nessus12kaspersky2openvas12suse4altlinux2mageia1redhat1gentoo1