CVE-2016-1019

EUVD-2016-2123
Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
adobeflash_player_desktop_runtime
𝑥
≤ 21.0.0.197
adobeflash_player
𝑥
≤ 18.0.0.333
adobeflash_player
𝑥
≤ 21.0.0.197
adobeflash_player
𝑥
≤ 21.0.0.197
adobeflash_player
𝑥
≤ 21.0.0.197
adobeflash_player
𝑥
≤ 11.2.202.577
adobeair_desktop_runtime
𝑥
≤ 21.0.0.176
adobeair_sdk
𝑥
≤ 21.0.0.176
adobeair_sdk_\&_compiler
𝑥
≤ 21.0.0.176
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
adobe-flashplugin
precise
Fixed 1:20160407.1-0ubuntu0.12.04.1
released
trusty
Fixed 1:20160407.1-0ubuntu0.14.04.1
released
wily
Fixed 1:20160407.1-0ubuntu0.15.10.1
released
flashplugin-nonfree
precise
Fixed 11.2.202.616ubuntu0.12.04.1
released
trusty
Fixed 11.2.202.616ubuntu0.14.04.1
released
wily
Fixed 11.2.202.616ubuntu0.15.10.1
released
References
http://blogs.adobe.com/psirt/?p=1330
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00055.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html
http://rhn.redhat.com/errata/RHSA-2016-0610.html
http://www.securityfocus.com/bid/85856
http://www.securitytracker.com/id/1035491
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050
https://helpx.adobe.com/security/products/flash-player/apsa16-01.html
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
https://security.gentoo.org/glsa/201606-08
https://www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.html
http://blogs.adobe.com/psirt/?p=1330
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00055.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html
http://rhn.redhat.com/errata/RHSA-2016-0610.html
http://www.securityfocus.com/bid/85856
http://www.securitytracker.com/id/1035491
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050
https://helpx.adobe.com/security/products/flash-player/apsa16-01.html
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
https://security.gentoo.org/glsa/201606-08
https://www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.html
https://github.com/cisagov/vulnrichment/issues/196
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-1019