CVE-2016-1019

critical-risk
Published 2016-04-07

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.

Do I need to act?

!
71.4% chance of exploitation in next 30 days
EPSS score — higher than 29% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (9)

Affected Vendors

Adobe

References (32)

Broken Link http://blogs.adobe.com/psirt/?p=1330
Broken Link http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00009.html
Broken Link http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00010.html
Broken Link http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00012.html
Broken Link http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00055.html
Broken Link http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
Broken Link http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html
Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-0610.html
Broken Link http://www.securityfocus.com/bid/85856
Broken Link http://www.securitytracker.com/id/1035491
Patch https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-05...
Vendor Advisory https://helpx.adobe.com/security/products/flash-player/apsa16-01.html
Vendor Advisory https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
Third Party Advisory https://security.gentoo.org/glsa/201606-08
Broken Link https://www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.html
Broken Link http://blogs.adobe.com/psirt/?p=1330
Broken Link http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00009.html
Broken Link http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00010.html
Broken Link http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00012.html
Broken Link http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00055.html
and 12 more references
73
/ 100
critical-risk
Severity 32/34 · Critical
Exploitability 26/34 · High
Exposure 15/34 · Moderate