ID

VAR-201604-0519


CVE

CVE-2016-1006


TITLE

Vulnerability in Adobe Flash Player that bypasses the ASLR protection mechanism

Trust: 0.8

sources: JVNDB: JVNDB-2016-002086

DESCRIPTION

Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to bypass the ASLR protection mechanism via JIT data.

Supplementary information: the vulnerability type has been identified as CWE-254: Security Features by CWE. http://cwe.mitre.org/data/definitions/254.html

An attacker may bypass the ASLR protection mechanism through JIT data. Attackers can exploit this issue to bypass certain security restrictions. Successful exploitation will allow an attacker to take control of the affected system. The product enables viewing of applications, content and video across screens and browsers.

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:0610-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0610.html
Issue date: 2016-04-08
CVE Names: CVE-2016-1006 CVE-2016-1011 CVE-2016-1012 CVE-2016-1013 CVE-2016-1014 CVE-2016-1015 CVE-2016-1016 CVE-2016-1017 CVE-2016-1018 CVE-2016-1019 CVE-2016-1020 CVE-2016-1021 CVE-2016-1022 CVE-2016-1023 CVE-2016-1024 CVE-2016-1025 CVE-2016-1026 CVE-2016-1027 CVE-2016-1028 CVE-2016-1029 CVE-2016-1030 CVE-2016-1031 CVE-2016-1032 CVE-2016-1033
=====================================================================

1. Summary:

An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1324353 - flash-plugin: multiple code execution issues fixed in APSB16-10

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.616-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.616-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.616-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.616-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm

x86_64:
flash-plugin-11.2.202.616-1.el6_7.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1006
https://access.redhat.com/security/cve/CVE-2016-1011
https://access.redhat.com/security/cve/CVE-2016-1012
https://access.redhat.com/security/cve/CVE-2016-1013
https://access.redhat.com/security/cve/CVE-2016-1014
https://access.redhat.com/security/cve/CVE-2016-1015
https://access.redhat.com/security/cve/CVE-2016-1016
https://access.redhat.com/security/cve/CVE-2016-1017
https://access.redhat.com/security/cve/CVE-2016-1018
https://access.redhat.com/security/cve/CVE-2016-1019
https://access.redhat.com/security/cve/CVE-2016-1020
https://access.redhat.com/security/cve/CVE-2016-1021
https://access.redhat.com/security/cve/CVE-2016-1022
https://access.redhat.com/security/cve/CVE-2016-1023
https://access.redhat.com/security/cve/CVE-2016-1024
https://access.redhat.com/security/cve/CVE-2016-1025
https://access.redhat.com/security/cve/CVE-2016-1026
https://access.redhat.com/security/cve/CVE-2016-1027
https://access.redhat.com/security/cve/CVE-2016-1028
https://access.redhat.com/security/cve/CVE-2016-1029
https://access.redhat.com/security/cve/CVE-2016-1030
https://access.redhat.com/security/cve/CVE-2016-1031
https://access.redhat.com/security/cve/CVE-2016-1032
https://access.redhat.com/security/cve/CVE-2016-1033
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
https://helpx.adobe.com/security/products/flash-player/apsa16-01.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

Trust: 2.16

sources: NVD: CVE-2016-1006 // JVNDB: JVNDB-2016-002086 // BID: 85927 // VULHUB: VHN-88798 // VULMON: CVE-2016-1006 // PACKETSTORM: 136616

AFFECTED PRODUCTS

vendor: adobe | model: flash player | scope: lte | version: 11.2.202.577

Trust: 1.0

vendor: adobe | model: air sdk & compiler | scope: lte | version: 21.0.0.176

Trust: 1.0

vendor: adobe | model: flash player | scope: lte | version: 18.0.0.333

Trust: 1.0

vendor: adobe | model: air sdk | scope: lte | version: 21.0.0.176

Trust: 1.0

vendor: adobe | model: flash player | scope: lte | version: 21.0.0.197

Trust: 1.0

vendor: adobe | model: flash player desktop runtime | scope: lte | version: 21.0.0.197

Trust: 1.0

vendor: adobe | model: air desktop runtime | scope: lte | version: 21.0.0.176

Trust: 1.0

vendor: google | model: chrome | scope: - | version: -

Trust: 0.8

vendor: adobe | model: flash player | scope: lt | version: 11.2.202.616 (linux)

Trust: 0.8

vendor: adobe | model: flash player | scope: lt | version: 21.0.0.213 (windows 10 edition microsoft edge/internet explorer 11)

Trust: 0.8

vendor: adobe | model: flash player | scope: lt | version: 21.0.0.213 (windows 8.1 edition internet explorer 11)

Trust: 0.8

vendor: adobe | model: flash player | scope: lt | version: 21.0.0.213 (windows/macintosh/linux/chromeos edition chrome)

Trust: 0.8

vendor: adobe | model: flash player | scope: lt | version: desktop runtime 21.0.0.213 (windows/macintosh)

Trust: 0.8

vendor: adobe | model: flash player | scope: lt | version: continuous support release 18.0.0.343 (windows/macintosh)

Trust: 0.8

vendor: microsoft | model: windows 10 | scope: eq | version: for 32-bit systems

Trust: 0.8

vendor: microsoft | model: windows 10 | scope: eq | version: for x64-based systems

Trust: 0.8

vendor: microsoft | model: windows 10 | scope: eq | version: version 1511 for 32-bit systems

Trust: 0.8

vendor: microsoft | model: windows 10 | scope: eq | version: version 1511 for x64-based systems

Trust: 0.8

vendor: microsoft | model: windows 8.1 | scope: eq | version: for 32-bit systems

Trust: 0.8

vendor: microsoft | model: windows 8.1 | scope: eq | version: for x64-based systems

Trust: 0.8

vendor: microsoft | model: windows rt 8.1 | scope: - | version: -

Trust: 0.8

vendor: microsoft | model: windows server 2012 | scope: eq | version: none

Trust: 0.8

vendor: microsoft | model: windows server 2012 | scope: eq | version: r2

Trust: 0.8

vendor: microsoft | model: windows 10 | scope: - | version: -

Trust: 0.6

vendor: red hat | model: enterprise linux workstation supplementary | scope: eq | version: 6

Trust: 0.3

vendor: red hat | model: enterprise linux supplementary server | scope: eq | version: 5

Trust: 0.3

vendor: red hat | model: enterprise linux server supplementary | scope: eq | version: 6

Trust: 0.3

vendor: red hat | model: enterprise linux desktop supplementary | scope: eq | version: 6

Trust: 0.3

vendor: red hat | model: enterprise linux desktop supplementary client | scope: eq | version: 5

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.1.53.64

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.1.51.66

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.0.452

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.0.3218

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.0.22.87

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.0.15.3

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.0.12.36

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.0.12.35

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9.0.262

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9.0.2460

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9.0.152.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9.0.151.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9.0.124.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9.0.48.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9.0.47.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9.0.45.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9.0.31.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9.0.289.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9.0.283.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9.0.280

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9.0.28.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9.0.277.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9.0.262.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9.0.260.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9.0.246.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9.0.159.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9.0.155.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9.0.115.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 9

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 8.0.35.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 8.0.34.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 8

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 7.0.73.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 7.0.70.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 7.0.69.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 7.0.68.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 7.0.67.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 7.0.66.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 7.0.61.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 7.0.60.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 7.0.53.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 7.0.24.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 7.0.19.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 7.0.14.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 7

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 6.0.79

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 6.0.21.0

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 11.2.202.235

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 11.2.202.233

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 11.2.202.229

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 11.2.202.228

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 11.2.202.223

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 11.1.115.8

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 11.1.115.7

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 11.1.115.6

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 11.1.112.61

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 11.1.111.9

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 11.1.111.8

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 11.1.111.7

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 11.1.111.6

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 11.1.111.5

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 11.1.102.63

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 11.1.102.62

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 11.1.102.55

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 11.1.102.228

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 11.0.1.152

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.3.186.7

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.3.186.6

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.3.186.3

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.3.186.2

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.3.185.25

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.3.185.23

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.3.185.22

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.3.185.21

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.3.183.7

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.3.183.5

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.3.183.4

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.3.183.10

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.3.181.34

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.3.181.26

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.3.181.23

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.3.181.22

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.3.181.16

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.3.181.14

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.2.159.1

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.2.157.51

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.2.156.12

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.2.154.28

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.2.154.27

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.2.154.25

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.2.154.24

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.2.154.18

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.2.154.13

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.2.153.1

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.2.152.33

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.2.152.32

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.2.152.21

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.2.152

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.1.95.2

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.1.95.1

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.1.92.8

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.1.92.10

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.1.85.3

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.1.82.76

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.1.52.15

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.1.52.14.1

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.1.106.16

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.1.105.6

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.1.102.65

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.1.102.64

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.0.42.34

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10.0.32.18

Trust: 0.3

vendor: adobe | model: flash player | scope: eq | version: 10

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 2.0.4

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 2.0.3

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 1.5.3.9130

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 1.5.3.9120

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 1.5.3

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 1.5.2

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 3.2.0.2080

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 3.2.0.2070

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 3.1.0.4880

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 3.0

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 2.7.1.1961

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 2.7.1

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 2.7

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 2.6.19140

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 2.6.19120

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 2.6

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 2.5.1

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 2.0.2.12610

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 2.0.2

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 1.5

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 1.1

Trust: 0.3

vendor: adobe | model: air | scope: eq | version: 1.01

Trust: 0.3

sources: BID: 85927 // JVNDB: JVNDB-2016-002086 // CNNVD: CNNVD-201604-101 // NVD: CVE-2016-1006

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-1006
value: HIGH

Trust: 1.0

NVD: CVE-2016-1006
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201604-101
value: HIGH

Trust: 0.6

VULHUB: VHN-88798
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-1006
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-1006
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2016-1006
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-88798
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-1006
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2016-1006
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-88798 // VULMON: CVE-2016-1006 // JVNDB: JVNDB-2016-002086 // CNNVD: CNNVD-201604-101 // NVD: CVE-2016-1006

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

problemtype:CWE-254

Trust: 0.1

sources: VULHUB: VHN-88798 // JVNDB: JVNDB-2016-002086 // NVD: CVE-2016-1006

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-101

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201604-101

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002086

PATCH

title: APSB16-10 | url: http://helpx.adobe.com/security/products/flash-player/apsb16-10.html

Trust: 0.8

title: APSB16-10 | url: http://helpx.adobe.com/jp/security/products/flash-player/apsb16-10.html

Trust: 0.8

title: Google Chrome | url: https://www.google.com/intl/ja/chrome/browser/features.html

Trust: 0.8

title: Chrome Releases | url: http://googlechromereleases.blogspot.jp/

Trust: 0.8

title: Update Google Chrome | url: https://support.google.com/chrome/answer/95414?hl=ja

Trust: 0.8

title: Security Update for Adobe Flash Player (3154132) | url: https://technet.microsoft.com/en-us/library/security/MS16-050.aspx

Trust: 0.8

title: Security Update for Adobe Flash Player (3154132) | url: https://technet.microsoft.com/ja-jp/library/security/MS16-050.aspx

Trust: 0.8

title: Notice regarding vulnerabilities in Adobe Systems' Adobe Flash Player | url: http://www.fmworld.net/biz/common/adobe/20160411f.html

Trust: 0.8

title: Adobe Flash Player Remediation measures for reusing vulnerabilities after release | url: http://123.124.177.30/web/xxk/bdxqById.tag?id=60832

Trust: 0.6

title: Red Hat: CVE-2016-1006 | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-1006

Trust: 0.1

title: CVE-Study | url: https://github.com/thdusdl1219/CVE-Study

Trust: 0.1

sources: VULMON: CVE-2016-1006 // JVNDB: JVNDB-2016-002086 // CNNVD: CNNVD-201604-101

EXTERNAL IDS

db: NVD | id: CVE-2016-1006

Trust: 3.0

db: SECTRACK | id: 1035509

Trust: 1.8

db: JVNDB | id: JVNDB-2016-002086

Trust: 0.8

db: CNNVD | id: CNNVD-201604-101

Trust: 0.6

db: BID | id: 85927

Trust: 0.5

db: PACKETSTORM | id: 136616

Trust: 0.2

db: VULHUB | id: VHN-88798

Trust: 0.1

db: VULMON | id: CVE-2016-1006

Trust: 0.1

sources: VULHUB: VHN-88798 // VULMON: CVE-2016-1006 // BID: 85927 // JVNDB: JVNDB-2016-002086 // PACKETSTORM: 136616 // CNNVD: CNNVD-201604-101 // NVD: CVE-2016-1006

REFERENCES

url:https://helpx.adobe.com/security/products/flash-player/apsb16-10.html

Trust: 2.2

url:http://rhn.redhat.com/errata/rhsa-2016-0610.html

Trust: 1.9

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050

Trust: 1.8

url:http://www.securitytracker.com/id/1035509

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1006

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20160406-adobeflashplayer.html

Trust: 0.8

url:http://www.jpcert.or.jp/at/2016/at160016.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1006

Trust: 0.8

url:http://www.npa.go.jp/cyberpolice/topics/?seq=18124

Trust: 0.8

url:https://www.adobe.com/software/flash/about/

Trust: 0.3

url:http://www.adobe.com

Trust: 0.3

url:https://technet.microsoft.com/library/security/ms16-050

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2016-1006

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.securityfocus.com/bid/85927

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1017

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1022

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1016

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1021

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1027

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1016

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1026

Trust: 0.1

url:https://helpx.adobe.com/security/products/flash-player/apsa16-01.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1028

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1019

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1017

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1013

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1020

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1023

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1028

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1011

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1026

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1029

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1022

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1030

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1011

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1019

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1012

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1030

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1020

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1015

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1014

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1025

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1006

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1018

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1014

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1015

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1033

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1031

Trust: 0.1

url:https://bugzilla.redhat.com/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1027

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1021

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1023

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1024

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1031

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1033

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1024

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1025

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1018

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-1032

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1029

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1032

Trust: 0.1

sources: VULHUB: VHN-88798 // VULMON: CVE-2016-1006 // BID: 85927 // JVNDB: JVNDB-2016-002086 // PACKETSTORM: 136616 // CNNVD: CNNVD-201604-101 // NVD: CVE-2016-1006

CREDITS

Kang Yang of Qihoo 360

Trust: 0.6

sources: CNNVD: CNNVD-201604-101

SOURCES

db: VULHUB | id: VHN-88798
db: VULMON | id: CVE-2016-1006
db: BID | id: 85927
db: JVNDB | id: JVNDB-2016-002086
db: PACKETSTORM | id: 136616
db: CNNVD | id: CNNVD-201604-101
db: NVD | id: CVE-2016-1006

LAST UPDATE DATE

2024-08-14T13:32:09.932000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-88798 | date: 2023-01-26T00:00:00
db: VULMON | id: CVE-2016-1006 | date: 2023-01-26T00:00:00
db: BID | id: 85927 | date: 2016-07-06T14:26:00
db: JVNDB | id: JVNDB-2016-002086 | date: 2016-04-19T00:00:00
db: CNNVD | id: CNNVD-201604-101 | date: 2023-01-28T00:00:00
db: NVD | id: CVE-2016-1006 | date: 2023-01-26T18:36:19.460

SOURCES RELEASE DATE

db: VULHUB | id: VHN-88798 | date: 2016-04-09T00:00:00
db: VULMON | id: CVE-2016-1006 | date: 2016-04-09T00:00:00
db: BID | id: 85927 | date: 2016-04-07T00:00:00
db: JVNDB | id: JVNDB-2016-002086 | date: 2016-04-19T00:00:00
db: PACKETSTORM | id: 136616 | date: 2016-04-08T22:04:53
db: CNNVD | id: CNNVD-201604-101 | date: 2016-04-08T00:00:00
db: NVD | id: CVE-2016-1006 | date: 2016-04-09T01:59:26.387