CVE-2016-0959

high-risk

Published 2017-06-27

Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before 20.0.0.267, Adobe Flash Player for Internet Explorer 10 and 11 before 20.0.0.267, Adobe Flash Player for Linux before 11.2.202.559, AIR Desktop Runtime before 20.0.0.233, AIR SDK before 20.0.0.233, AIR SDK & Compiler before 20.0.0.233, AIR for Android before 20.0.0.233.

Do I need to act?

0.98% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (10)

Flash Player

Flash Player Extended Support Release

Flash Player

Air

Air Sdk \& Compiler

Air

Flash Player

Flash Player For Linux

Air Sdk

Affected Vendors

Adobe

References (6)

http://rhn.redhat.com/errata/RHSA-2015-2697.html

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1294580

Vendor Advisory https://helpx.adobe.com/security/products/flash-player/apsb16-01.html

http://rhn.redhat.com/errata/RHSA-2015-2697.html

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1294580

Vendor Advisory https://helpx.adobe.com/security/products/flash-player/apsb16-01.html

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 3/34 · Minimal

Exposure 16/34 · Moderate