7.3
CVE-2016-1014
- EPSS 1.21%
- Veröffentlicht 09.04.2016 01:59:30
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle psirt@adobe.com
- CVE-Watchlists
- Unerledigt
Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain privileges via a Trojan horse resource in an unspecified directory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Flash Player Version <= 11.2.202.577
Adobe ≫ Flash Player Desktop Runtime Version <= 21.0.0.197
Adobe ≫ Flash Player SwEditionesr Version <= 18.0.0.333
Adobe ≫ Flash Player SwPlatforminternet_explorer Version <= 21.0.0.197
Adobe ≫ Flash Player SwPlatformchrome Version <= 21.0.0.197
Adobe ≫ Flash Player SwPlatformedge Version <= 21.0.0.197
Adobe ≫ Air Desktop Runtime Version <= 21.0.0.176
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.21% | 0.643 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.3 | 1.3 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
CWE-426 Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html
http://rhn.redhat.com/errata/RHSA-2016-0610.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
http://www.securitytracker.com/id/1035509
http://packetstormsecurity.com/files/137532/Adobe-Flash-Player-DLL-Hijacking.html
http://seclists.org/fulldisclosure/2016/Jun/39
http://www.securityfocus.com/archive/1/538699/100/0/threaded