CVE-2016-1020

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2016-1020
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html Patch Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-0610.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html Third Party Advisory
http://www.securitytracker.com/id/1035509 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/85932 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*
cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:adobe:flash_player:21.0.0.97:*:*:*:*:internet_explorer:*:*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:a:adobe:flash_player:20.0.0.306:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:20.0.0.235:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:20.0.0.286:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:*
OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*
OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
Information

Published : 2016-04-09 01:59

Updated : 2017-09-02 15:01

NVD link : CVE-2016-1020

Mitre link : CVE-2016-1020

JSON object : View

Products Affected

microsoft

  • windows_8.1
  • windows_10
  • windows

adobe

  • flash_player

apple

  • mac_os_x

linux

  • linux_kernel

google

  • chrome_os
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer