Description
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Google Security Research · textdosmultiple
https://www.exploit-db.com/exploits/39827
References (7)
Core 7
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/39827/
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035827
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/137052/Adobe-Flash-ATF-Processing-Heap-Overflow.html
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-064
Various Sources x_refsource_confirm
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-1079.html
Scores
CVSS v3
7.5
EPSS
0.5307
EPSS Percentile
98.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
Status
published
Products (4)
adobe/flash_player
< 21.0.0.213
microsoft/edge
microsoft/internet_explorer
10
microsoft/internet_explorer
11
Published
May 11, 2016
Tracked Since
Feb 18, 2026