CVE-2016-1010
HIGH KEVAdobe Flash Player < 18.0.0.333, 19.x-21.x < 21.0.0.182, < 11.2.202.577 - Remote Code Execution via Integer Overflow
Title source: llmExploitation Summary
CVE-2016-1010 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 25, 2022.
Description
Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993.
References (9)
Core 9
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035251
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201603-07
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html
Patch, Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/84308
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-1010
Scores
CVSS v3
8.8
EPSS
0.1270
EPSS Percentile
94.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-05-25
VulnCheck KEV
2016-03-10
InTheWild.io
2016-03-10
ENISA EUVD
EUVD-2016-2114
CWE
CWE-190
Status
published
Products (8)
adobe/air
< 20.0.0.233
adobe/air_desktop_runtime
< 20.0.0.260
adobe/air_sdk
< 20.0.0.260
adobe/air_sdk_\&_compiler
< 20.0.0.260
adobe/flash_player
< 11.2.202.569
adobe/flash_player
< 20.0.0.306 (3 CPE variants)
adobe/flash_player_desktop_runtime
< 20.2.2.306
samsung/x14j_firmware
t-ms14jakucb-1102.5
Published
Mar 12, 2016
KEV Added
May 25, 2022
Tracked Since
Feb 18, 2026