Vulnerability CVE-2016-0985
Published: 2016-02-10

Description:
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion."

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Redhat -> Enterprise linux server supplementary 
Redhat -> Enterprise linux desktop 
Redhat -> Enterprise linux supplementary 
Redhat -> Enterprise linux desktop supplementary 
Redhat -> Enterprise linux workstation supplementary 
Redhat -> Enterprise linux server supplementary eus 
Opensuse -> Nonfree 
Opensuse -> Linux enterprise desktop 
Opensuse -> Linux enterprise workstation extension 
Microsoft -> Windows 
Linux -> Linux kernel 
Google -> Android 
Apple -> Iphone os 
Apple -> Mac os x 
Adobe -> AIR 
Adobe -> Air sdk 
Adobe -> Air sdk \& compiler 
Adobe -> Flash player 

 References:
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html
http://rhn.redhat.com/errata/RHSA-2016-0166.html
http://www.securitytracker.com/id/1034970
https://helpx.adobe.com/security/products/flash-player/apsb16-04.html
https://security.gentoo.org/glsa/201603-07
https://www.exploit-db.com/exploits/39461/
Copyright 2024, cxsecurity.com

 

Back to Top