Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6987.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Adobe
  • Flash Player
  • Flash Player Desktop Runtime
Apple
  • Mac Os X
Google
  • Chrome Os
Linux
  • Linux Kernel
Microsoft
  • Windows
  • Windows 10
  • Windows 8.1
Redhat
  • Rhel Extras

Configuration 1 [-]

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*
OR cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*
OR cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
OR cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
OR cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:*
cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:linux:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 5 Supplementary
flash-plugin-0:11.2.202.637-1.el5_11 cpe:/a:redhat:rhel_extras:5 RHSA-2016:2057 2016-10-12T00:00:00Z
Red Hat Enterprise Linux 6 Supplementary
flash-plugin-0:11.2.202.637-1.el6_8 cpe:/a:redhat:rhel_extras:6 RHSA-2016:2057 2016-10-12T00:00:00Z
References
Link Providers
http://rhn.redhat.com/errata/RHSA-2016-2057.html cve-icon cve-icon
http://www.securityfocus.com/bid/93492 cve-icon cve-icon
http://www.securitytracker.com/id/1036985 cve-icon cve-icon
https://helpx.adobe.com/security/products/flash-player/apsb16-32.html cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2016-6981 cve-icon
https://security.gentoo.org/glsa/201610-10 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2016-6981 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2024-08-06T01:50:46.037Z

Reserved: 2016-08-23T00:00:00

Link: CVE-2016-6981

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2016-10-13T19:59:52.807

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-6981

cve-icon Redhat

Severity : Critical

Publid Date: 2016-10-11T00:00:00Z

Links: CVE-2016-6981 - Bugzilla