Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10756
HistoryFeb 09, 2016 - 12:00 a.m.

KLA10756 Arbitrary code execution in Adobe Flash Player & AIR

2016-02-0900:00:00
Kaspersky Lab
threats.kaspersky.com
29

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.934

Percentile

99.2%

JSON

Multiple serious vulnerabilities have been found in Adobe Flash Player & AIR. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Below is a complete list of vulnerabilities

  1. Type confusion vulnerability can be exploited remotely to execute arbitrary code;
  2. Use-after-free vulnerabilities could be exploited remotely to execute arbitrary code;
  3. Heap buffer overflow vulnerability can be exploited remotely to execute arbitrary code;
  4. Memory corruption vulnerabilities could be exploited remotely to cause denial of service or execute arbitrary code.

Original advisories

Adobe security bulletin

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Adobe-Flash-Player-ActiveX

Adobe-AIR

Adobe-Flash-Player-NPAPI

Adobe-Flash-Player-PPAPI

CVE list

CVE-2016-0985 critical

CVE-2016-0983 critical

CVE-2016-0984 critical

CVE-2016-0981 critical

CVE-2016-0982 critical

CVE-2016-0964 critical

CVE-2016-0965 critical

CVE-2016-0966 critical

CVE-2016-0967 critical

CVE-2016-0968 critical

CVE-2016-0969 critical

CVE-2016-0970 critical

CVE-2016-0972 critical

CVE-2016-0971 critical

CVE-2016-0976 critical

CVE-2016-0975 critical

CVE-2016-0974 critical

CVE-2016-0973 critical

CVE-2016-0980 critical

CVE-2016-0979 critical

CVE-2016-0978 critical

CVE-2016-0977 critical

Solution

Update to the latest versionGet AIR

Get Flash Player

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • Adobe Flash Player versions earlier than 20.0.0.306Adobe Flash Player Extended Support Release versions earlier than 18.0.0.329Adobe Flash Player for Linux versions earlier than 11.2.202.569Adobe AIR versions earlier than 20.0.0.260

Related

nessus 12
freebsd 1
openvas 12
kaspersky 1
redhat 1
suse 4
altlinux 2
mageia 1
ubuntucve 22
prion 22
cve 22
nvd 22
cvelist 22
attackerkb 3
gentoo 1
zdt 7
exploitdb 7
cisa_kev 1
checkpoint_advisories 21
zdi 2
hackerone 3
googleprojectzero 1
threatpost 1
securelist 2
nessus
nessus
Adobe Flash Player for Mac <= 20.0.0.286 Multiple Vulnerabilities (APSB16-04)
2016-02-09 00:00:00
FreeBSD : flash -- multiple vulnerabilities (5d8e56c3-9e67-4d5b-81c9-3a409dfd705f)
2016-02-11 00:00:00
openSUSE Security Update : flash-player (openSUSE-2016-183)
2016-02-11 00:00:00
freebsd
freebsd
flash -- multiple vulnerabilities
2016-02-09 00:00:00
openvas
openvas
Adobe Air Multiple Vulnerabilities (Feb 2016) - Mac OS X
2016-02-12 00:00:00
Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (3135782)
2017-03-18 00:00:00
Adobe Flash Player Multiple Vulnerabilities -01 (Feb 2016) - Linux
2016-02-10 00:00:00
kaspersky
kaspersky
KLA10758 Obsolete Adobe Flash Player for Windows
2016-02-09 00:00:00
redhat
redhat
(RHSA-2016:0166) Critical: flash-plugin security update
2016-02-10 00:00:00
suse
suse
Security update for flash-player (important)
2016-02-11 12:11:42
Security update for flash-player (important)
2016-02-10 13:12:35
Security update for flash-player (important)
2016-02-10 22:11:01
altlinux
altlinux
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt59
2016-02-11 00:00:00
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt59
2016-02-11 00:00:00
mageia
mageia
Updated flash-player-plugin packages fix security vulnerabilities
2016-02-09 22:05:34
ubuntucve
ubuntucve
CVE-2016-0972
2016-02-10 00:00:00
CVE-2016-0967
2016-02-10 00:00:00
CVE-2016-0981
2016-02-10 00:00:00
prion
prion
Memory corruption
2016-02-10 20:59:00
Memory corruption
2016-02-10 20:59:00
Memory corruption
2016-02-10 20:59:00
cve
cve
CVE-2016-0980
2016-02-10 20:59:28
CVE-2016-0972
2016-02-10 20:59:20
CVE-2016-0967
2016-02-10 20:59:14
nvd
nvd
CVE-2016-0967
2016-02-10 20:59:14
CVE-2016-0972
2016-02-10 20:59:20
CVE-2016-0980
2016-02-10 20:59:28
cvelist
cvelist
CVE-2016-0964
2016-02-10 20:00:00
CVE-2016-0978
2016-02-10 20:00:00
CVE-2016-0965
2016-02-10 20:00:00
attackerkb
attackerkb
CVE-2016-0973
2016-02-10 00:00:00
CVE-2016-0984
2016-02-10 00:00:00
CVE-2016-0983
2016-02-10 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2016-03-12 00:00:00
zdt
zdt
Adobe Flash - BitmapData.drawWithQuality Heap Overflow
2016-02-17 00:00:00
Adobe Flash - Sound.loadPCMFromByteArray Dangling Pointer
2016-02-17 00:00:00
Adobe Flash - Out-of-Bounds Image Read
2016-02-17 00:00:00
exploitdb
exploitdb
Adobe Flash - BitmapData.drawWithQuality Heap Overflow
2016-02-17 00:00:00
Adobe Flash - LoadVars.decode Use-After-Free
2016-02-17 00:00:00
Adobe Flash - Out-of-Bounds Image Read
2016-02-17 00:00:00
cisa_kev
cisa_kev
Adobe Flash Player and AIR Use-After-Free Vulnerability
2022-05-25 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Memory Corruption (APSB16-04: CVE-2016-0970)
2016-02-10 00:00:00
Adobe Flash Player Memory Corruption (APSB16-04: CVE-2016-0966)
2016-02-10 00:00:00
Adobe Flash Player Use After Free Code Execution (APSB16-04: CVE-2016-0982)
2016-02-14 00:00:00
zdi
zdi
Adobe Flash instanceof Use-After-Free Remote Code Execution Vulnerability
2016-02-09 00:00:00
Adobe Flash URLRequest Use-After-Free Remote Code Execution Vulnerability
2016-02-09 00:00:00
hackerone
hackerone
Internet Bug Bounty: Adobe Flash Player ASnative(900,1).call(MovieClip) Use-After-Free Vulnerability
2016-03-01 08:01:33
Internet Bug Bounty: Adobe Flash Player ASnative(900,1).call(TextField) Use-After-Free Vulnerability
2016-03-01 08:03:36
Internet Bug Bounty: Adobe Flash Player ASnative(101,10) Memory Corruption Vulnerability
2016-03-01 07:57:50
googleprojectzero
googleprojectzero
Life After the Isolated Heap
2016-03-28 00:00:00
threatpost
threatpost
Updates to Sofacy, Turla Highlight 2017 Q2 APT Activity
2017-08-08 16:34:08
securelist
securelist
BlackOasis APT and new targeted attacks leveraging zero-day exploit
2017-10-16 14:28:47
APT Trends report Q2 2017
2017-08-08 14:00:40

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.934

Percentile

99.2%

JSON
Related for KLA10756
nessus12freebsd1openvas12kaspersky1redhat1suse4altlinux2mageia1ubuntucve22prion22cve22nvd22cvelist22attackerkb3gentoo1zdt7exploitdb7cisa_kev1checkpoint_advisories21zdi2hackerone3googleprojectzero1threatpost1securelist2