9.3

CVE-2016-1005

EPSS 10.95%
Published 12.03.2016 15:59:23
Last modified 12.04.2025 10:46:40
Source psirt@adobe.com
Teams watchlist Login
Open Login

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1002.

Affected products Warnungen 0 Metrics 3 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Flash Player SwPlatformchrome Version <= 20.0.0.306

   Apple ≫ macOS X Version-
   Google ≫ Chrome Os Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-

Adobe ≫ Air Version <= 20.0.0.233

Google ≫ Android Version-

Adobe ≫ Air Sdk Version <= 20.0.0.260

   Apple ≫ iPhone OS Version-
   Apple ≫ macOS X Version-
   Google ≫ Android Version-
   Microsoft ≫ Windows Version-

Samsung ≫ X14j Firmware Versiont-ms14jakucb-1102.5

   Apple ≫ iPhone OS Version-
   Apple ≫ macOS X Version-
   Google ≫ Android Version-
   Microsoft ≫ Windows Version-

Adobe ≫ Flash Player Version <= 11.2.202.569

Linux ≫ Linux Kernel Version-

Adobe ≫ Flash Player Desktop Runtime Version <= 20.2.2.306

Apple ≫ macOS X Version-
Microsoft ≫ Windows Version-

Adobe ≫ Flash Player SwPlatformedge Version <= 20.0.0.306

Microsoft ≫ Windows 10 Version-

Adobe ≫ Flash Player SwPlatforminternet_explorer Version <= 20.0.0.306

Microsoft ≫ Windows 10 Version-
Microsoft ≫ Windows 8.1 Version-

Adobe ≫ Air Desktop Runtime Version <= 20.0.0.260

Apple ≫ macOS X Version-
Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	10.95%	0.932

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-824 Access of Uninitialized Pointer

The product accesses or uses a pointer that has not been initialized.

https://security.gentoo.org/glsa/201603-07

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html

Third Party Advisory

Broken Link

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html

Third Party Advisory

Broken Link

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html

Third Party Advisory

Broken Link

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html

Third Party Advisory

Broken Link

Mailing List

http://www.securityfocus.com/bid/84311

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id/1035251

Third Party Advisory

Broken Link

VDB Entry

https://helpx.adobe.com/security/products/flash-player/apsb16-08.html

Patch

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-16-192/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-1005

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1005

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1005

EUVD