7.3

CVE-2016-1014

Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain privileges via a Trojan horse resource in an unspecified directory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeFlash Player Version <= 11.2.202.577
   LinuxLinux Kernel Version-
AdobeFlash Player Desktop Runtime Version <= 21.0.0.197
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeFlash Player SwEditionesr Version <= 18.0.0.333
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeFlash Player SwPlatforminternet_explorer Version <= 21.0.0.197
   MicrosoftWindows 10 Version-
   MicrosoftWindows 8.1 Version-
AdobeFlash Player SwPlatformchrome Version <= 21.0.0.197
   ApplemacOS X Version-
   GoogleChrome Os Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
AdobeFlash Player SwPlatformedge Version <= 21.0.0.197
   MicrosoftWindows 10 Version-
AdobeAir Desktop Runtime Version <= 21.0.0.176
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeAir Sdk Version <= 21.0.0.176
   AppleiPhone OS Version-
   ApplemacOS X Version-
   GoogleAndroid Version-
   MicrosoftWindows Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.21% 0.643
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.3 1.3 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
Third Party Advisory
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html
Third Party Advisory
Broken Link
http://rhn.redhat.com/errata/RHSA-2016-0610.html
Third Party Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050
Patch
Third Party Advisory
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
Patch
Vendor Advisory
http://www.securitytracker.com/id/1035509
Third Party Advisory
Broken Link
VDB Entry
http://packetstormsecurity.com/files/137532/Adobe-Flash-Player-DLL-Hijacking.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2016/Jun/39
Third Party Advisory
Mailing List
http://www.securityfocus.com/archive/1/538699/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry