8.8 CVE-2016-1023

Patch
 

Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.
https://nvd.nist.gov/vuln/detail/CVE-2016-1023

Categories

CWE-787 : Out-of-bounds Write
Typically, this can result in corruption of data, a crash, or code execution. The product may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.

References

BID

85932
Broken Link, Third Party Advisory, VDB Entry

CONFIRM Patch

REDHAT

RHSA-2016:0610
Third Party Advisory

SECTRACK

1035509
Broken Link, Third Party Advisory, VDB Entry

SUSE

SUSE-SU-2016:1305
Broken Link, Third Party Advisory
openSUSE-SU-2016:1306
Broken Link, Third Party Advisory


 

CPE

cpe start end
Configuration 1
   cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* <= 11.2.202.577
  Running on/with
  cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Configuration 2
   cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:* <= 21.0.0.197
  Running on/with
  cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
  cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Configuration 3
   cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:* <= 18.0.0.333
  Running on/with
  cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
  cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Configuration 4
AND
  OR
  cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
  cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
  OR
   cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:* <= 21.0.0.197
Configuration 5
   cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:* <= 21.0.0.197
  Running on/with
  cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
  cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
  cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
  cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Configuration 6
AND
  OR
  cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
  OR
   cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:* <= 21.0.0.197
Configuration 7
   cpe:2.3:a:adobe:air_desktop_runtime:*:*:*:*:*:*:*:* <= 21.0.0.176
  Running on/with
  cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
  cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Configuration 8
   cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:* <= 21.0.0.176
  Running on/with
  cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*
  cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
  cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
  cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Configuration 9
   cpe:2.3:a:adobe:air_sdk_&_compiler:*:*:*:*:*:*:*:* <= 21.0.0.176
  Running on/with
  cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*
  cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
  cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
  cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*


REMEDIATION


Patch

Url
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html


EXPLOITS


Exploit-db.com

id description date
No known exploits

Other (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry


MITRE