CVE-2016-1000

HIGH

Description

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-0999.

References

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html

http://rhn.redhat.com/errata/RHSA-2016-1582.html

http://rhn.redhat.com/errata/RHSA-2016-1583.html

http://www.securityfocus.com/bid/84312

http://www.securitytracker.com/id/1035251

https://helpx.adobe.com/security/products/flash-player/apsb16-08.html

https://security.gentoo.org/glsa/201603-07

https://www.exploit-db.com/exploits/39610/

Details

Source: MITRE

Published: 2016-03-12

Updated: 2017-09-08

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*

cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2

AND

OR

cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:20.0.0.235:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:20.0.0.286:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 3

AND

OR

cpe:2.3:a:adobe:flash_player_esr:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 4

AND

OR

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 5

AND

OR

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*

OR

cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*

Configuration 6

AND

OR

cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 7

AND

OR

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*

OR

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 8

AND

OR

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*

OR

cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*

Configuration 9

AND

OR

cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 90292 | FreeBSD : flash -- multiple vulnerabilities (f7b3d1eb-f738-11e5-a710-0011d823eebd) | Nessus | FreeBSD Local Security Checks | critical |
| 9177 | Adobe AIR < 21.0.0.176 Multiple Vulnerabilities (APSB16-08) | Nessus Network Monitor | Web Clients | critical |
| 9176 | Flash Player < 21.0.0.182 Multiple Vulnerabilities (APSB16-08) | Nessus Network Monitor | Web Clients | critical |
| 89921 | SUSE SLED11 Security Update : flash-player (SUSE-SU-2016:0716-1) | Nessus | SuSE Local Security Checks | critical |
| 89920 | SUSE SLED12 Security Update : flash-player (SUSE-SU-2016:0715-1) | Nessus | SuSE Local Security Checks | critical |
| 89917 | RHEL 5 / 6 : flash-plugin (RHSA-2016:0438) | Nessus | Red Hat Local Security Checks | critical |
| 89916 | openSUSE Security Update : Adobe Flash Player (openSUSE-2016-335) | Nessus | SuSE Local Security Checks | critical |
| 89908 | openSUSE Security Update : Adobe Flash Player (openSUSE-2016-325) | Nessus | SuSE Local Security Checks | critical |
| 89900 | GLSA-201603-07 : Adobe Flash Player: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 89870 | Adobe Flash Player for Mac <= 20.0.0.306 Multiple Vulnerabilities (APSB16-08) | Nessus | MacOS X Local Security Checks | critical |
| 89869 | Adobe AIR for Mac <= 20.0.0.260 Multiple Vulnerabilities (APSB16-08) | Nessus | MacOS X Local Security Checks | critical |
| 89868 | Adobe AIR <= 20.0.0.260 Multiple Vulnerabilities (APSB16-08) | Nessus | Windows | critical |
| 89835 | MS16-036: Security Update for Adobe Flash Player (3144756) | Nessus | Windows : Microsoft Bulletins | critical |
| 89834 | Adobe Flash Player <= 20.0.0.306 Multiple Vulnerabilities (APSB16-08) | Nessus | Windows | critical |