CVE-2016-0959

Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before 20.0.0.267, Adobe Flash Player for Internet Explorer 10 and 11 before 20.0.0.267, Adobe Flash Player for Linux before 11.2.202.559, AIR Desktop Runtime before 20.0.0.233, AIR SDK before 20.0.0.233, AIR SDK & Compiler before 20.0.0.233, AIR for Android before 20.0.0.233.

CVSS v3.0 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://helpx.adobe.com/security/products/flash-player/apsb16-01.html	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1294580	Issue Tracking Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2697.html

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows:-:::::::*
	cpe:2.3:o:apple:mac_os_x:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:adobe:flash_player_extended_support_release:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*
	cpe:2.3:o:google:chrome_os:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*

Configuration 4 (hide)

AND

OR	cpe:2.3:a:adobe:flash_player::::::internet_explorer::*
	cpe:2.3:a:adobe:flash_player::::::edge::*

cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*

OR	cpe:2.3:o:microsoft:windows_8.0::::::::
	cpe:2.3:o:microsoft:windows_8.1::::::::

Configuration 6 (hide)

AND

cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows:-:::::::*
	cpe:2.3:o:apple:mac_os_x:-:::::::*

Configuration 8 (hide)

AND

cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:microsoft:windows:-:::::::*
	cpe:2.3:o:google:android:-:::::::*
	cpe:2.3:o:apple:mac_os_x:-:::::::*

Configuration 9 (hide)

cpe:2.3:a:adobe:air:*:*:*:*:*:android:*:*

Configuration 10 (hide)

AND

cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:microsoft:windows:-:::::::*
	cpe:2.3:o:google:android:-:::::::*
	cpe:2.3:o:apple:mac_os_x:-:::::::*

Information

Published : 2017-06-27 13:29

Updated : 2018-01-04 18:30

NVD link : CVE-2016-0959

Mitre link : CVE-2016-0959

JSON object : View

CWE

CWE-416

Use After Free

Products Affected

adobe

air
air_sdk_\&_compiler
air_sdk
flash_player_for_linux
flash_player_extended_support_release
flash_player

google

android
chrome_os

microsoft

windows
windows_8.0
windows_10
windows_8.1

linux

linux_kernel

apple

mac_os_x
iphone_os

9.8 /10