CVE-2016-1019

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2016-1019
Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://blogs.adobe.com/psirt/?p=1330 Broken Link Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00009.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00010.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00012.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00055.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html Broken Link
http://rhn.redhat.com/errata/RHSA-2016-0610.html Third Party Advisory
http://www.securityfocus.com/bid/85856 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1035491 Broken Link Third Party Advisory VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050 Patch Third Party Advisory Vendor Advisory
https://helpx.adobe.com/security/products/flash-player/apsa16-01.html Vendor Advisory
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html Vendor Advisory
https://security.gentoo.org/glsa/201606-08 Third Party Advisory
https://www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.html Broken Link
http://blogs.adobe.com/psirt/?p=1330 Broken Link Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00009.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00010.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00012.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00055.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html Broken Link
http://rhn.redhat.com/errata/RHSA-2016-0610.html Third Party Advisory
http://www.securityfocus.com/bid/85856 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1035491 Broken Link Third Party Advisory VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050 Patch Third Party Advisory Vendor Advisory
https://helpx.adobe.com/security/products/flash-player/apsa16-01.html Vendor Advisory
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html Vendor Advisory
https://security.gentoo.org/glsa/201606-08 Third Party Advisory
https://www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.html Broken Link
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:*
OR cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*
OR cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*
OR cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:a:adobe:air_desktop_runtime:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

21 Nov 2024, 02:45

Type Values Removed Values Added
References () http://blogs.adobe.com/psirt/?p=1330 - Broken Link, Vendor Advisory () http://blogs.adobe.com/psirt/?p=1330 - Broken Link, Vendor Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00009.html - Broken Link () http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00009.html - Broken Link
References () http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00010.html - Broken Link () http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00010.html - Broken Link
References () http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00012.html - Broken Link () http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00012.html - Broken Link
References () http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00055.html - Broken Link () http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00055.html - Broken Link
References () http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html - Broken Link () http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html - Broken Link
References () http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html - Broken Link () http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html - Broken Link
References () http://rhn.redhat.com/errata/RHSA-2016-0610.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2016-0610.html - Third Party Advisory
References () http://www.securityfocus.com/bid/85856 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/85856 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1035491 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1035491 - Broken Link, Third Party Advisory, VDB Entry
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050 - Patch, Third Party Advisory, Vendor Advisory () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050 - Patch, Third Party Advisory, Vendor Advisory
References () https://helpx.adobe.com/security/products/flash-player/apsa16-01.html - Vendor Advisory () https://helpx.adobe.com/security/products/flash-player/apsa16-01.html - Vendor Advisory
References () https://helpx.adobe.com/security/products/flash-player/apsb16-10.html - Vendor Advisory () https://helpx.adobe.com/security/products/flash-player/apsb16-10.html - Vendor Advisory
References () https://security.gentoo.org/glsa/201606-08 - Third Party Advisory () https://security.gentoo.org/glsa/201606-08 - Third Party Advisory
References () https://www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.html - Broken Link () https://www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.html - Broken Link

10 Nov 2022, 20:10

Type Values Removed Values Added
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-0610.html - (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-0610.html - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00012.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00012.html - Broken Link
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html - Broken Link
References (GENTOO) https://security.gentoo.org/glsa/201606-08 - (GENTOO) https://security.gentoo.org/glsa/201606-08 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html - Broken Link
References (MS) https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050 - (MS) https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050 - Patch, Third Party Advisory, Vendor Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00009.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00009.html - Broken Link
References (CONFIRM) http://blogs.adobe.com/psirt/?p=1330 - Vendor Advisory (CONFIRM) http://blogs.adobe.com/psirt/?p=1330 - Broken Link, Vendor Advisory
References (BID) http://www.securityfocus.com/bid/85856 - (BID) http://www.securityfocus.com/bid/85856 - Broken Link, Third Party Advisory, VDB Entry
References (MISC) https://www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.html - (MISC) https://www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.html - Broken Link
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00010.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00010.html - Broken Link
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00055.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00055.html - Broken Link
References (SECTRACK) http://www.securitytracker.com/id/1035491 - (SECTRACK) http://www.securitytracker.com/id/1035491 - Broken Link, Third Party Advisory, VDB Entry
CPE cpe:2.3:a:adobe:flash_player:20.0.0.235:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:20.0.0.286:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:20.0.0.306:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*		 cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
cpe:2.3:a:adobe:air_desktop_runtime:*:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
Information

Published : 2016-04-07 10:59

Updated : 2025-02-14 16:14

NVD link : CVE-2016-1019

Mitre link : CVE-2016-1019

CVE.ORG link : CVE-2016-1019

JSON object : View

Products Affected

apple

  • iphone_os
  • mac_os_x

adobe

  • air_desktop_runtime
  • air_sdk
  • flash_player_desktop_runtime
  • air_sdk_\&_compiler
  • flash_player

google

  • android
  • chrome_os

microsoft

  • windows
  • windows_10
  • windows_8.1

linux

  • linux_kernel
CWE
NVD-CWE-noinfo