CVE-2016-1019
CRITICAL KEV RANSOMWARE
Adobe Flash Player < 21.0.0.197 - Remote Code Execution
Title source: llm
Exploitation Summary
CVE-2016-1019 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2022, with confirmed use in ransomware campaigns.
Description
Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.
References (17)
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201606-08
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00012.html
Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/flash-player/apsa16-01.html
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00010.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035491
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
Broken Link, Vendor Advisory x_refsource_confirm
http://blogs.adobe.com/psirt/?p=1330
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00009.html
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00055.html
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0610.html
Patch, Third Party Advisory, Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050
Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/85856
Broken Link x_refsource_misc
https://www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.html
Issue Tracking
https://github.com/cisagov/vulnrichment/issues/196
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-1019
Scores
CVSS v3: 9.8
EPSS: 0.5349
EPSS Percentile: 98.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2022-03-03
VulnCheck KEV: 2016-04-02
InTheWild.io: 2016-04-02
ENISA EUVD: EUVD-2016-2123
Ransomware Use: Confirmed
Status: published
Products (7)
adobe/air_desktop_runtime < 21.0.0.176
adobe/air_sdk < 21.0.0.176
adobe/air_sdk_\&_compiler < 21.0.0.176
adobe/flash_player < 11.2.202.577
adobe/flash_player < 18.0.0.333
adobe/flash_player < 21.0.0.197 (3 CPE variants)
adobe/flash_player_desktop_runtime < 21.0.0.197
Published: Apr 07, 2016
KEV Added: Mar 03, 2022
Tracked Since: Feb 18, 2026