Details of VAR-201604-0519

ID

VAR-201604-0519

CVE

CVE-2016-1006

TITLE

Adobe Flash Player In ASLR Vulnerabilities that circumvent protection mechanisms

Trust: 0.8

sources: JVNDB: JVNDB-2016-002086

DESCRIPTION

Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to bypass the ASLR protection mechanism via JIT data. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlBy the attacker, JIT Through the data, ASLR Protection mechanisms may be bypassed. Attackers can exploit this issue to bypass certain security restrictions. Successful exploitation will allow an attacker to take control of the affected system. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:0610-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0610.html Issue date: 2016-04-08 CVE Names: CVE-2016-1006 CVE-2016-1011 CVE-2016-1012 CVE-2016-1013 CVE-2016-1014 CVE-2016-1015 CVE-2016-1016 CVE-2016-1017 CVE-2016-1018 CVE-2016-1019 CVE-2016-1020 CVE-2016-1021 CVE-2016-1022 CVE-2016-1023 CVE-2016-1024 CVE-2016-1025 CVE-2016-1026 CVE-2016-1027 CVE-2016-1028 CVE-2016-1029 CVE-2016-1030 CVE-2016-1031 CVE-2016-1032 CVE-2016-1033 ===================================================================== 1. Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1324353 - flash-plugin: multiple code execution issues fixed in APSB16-10 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.616-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.616-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.616-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.616-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.616-1.el6_7.i686.rpm x86_64: flash-plugin-11.2.202.616-1.el6_7.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.616-1.el6_7.i686.rpm x86_64: flash-plugin-11.2.202.616-1.el6_7.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.616-1.el6_7.i686.rpm x86_64: flash-plugin-11.2.202.616-1.el6_7.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-1006 https://access.redhat.com/security/cve/CVE-2016-1011 https://access.redhat.com/security/cve/CVE-2016-1012 https://access.redhat.com/security/cve/CVE-2016-1013 https://access.redhat.com/security/cve/CVE-2016-1014 https://access.redhat.com/security/cve/CVE-2016-1015 https://access.redhat.com/security/cve/CVE-2016-1016 https://access.redhat.com/security/cve/CVE-2016-1017 https://access.redhat.com/security/cve/CVE-2016-1018 https://access.redhat.com/security/cve/CVE-2016-1019 https://access.redhat.com/security/cve/CVE-2016-1020 https://access.redhat.com/security/cve/CVE-2016-1021 https://access.redhat.com/security/cve/CVE-2016-1022 https://access.redhat.com/security/cve/CVE-2016-1023 https://access.redhat.com/security/cve/CVE-2016-1024 https://access.redhat.com/security/cve/CVE-2016-1025 https://access.redhat.com/security/cve/CVE-2016-1026 https://access.redhat.com/security/cve/CVE-2016-1027 https://access.redhat.com/security/cve/CVE-2016-1028 https://access.redhat.com/security/cve/CVE-2016-1029 https://access.redhat.com/security/cve/CVE-2016-1030 https://access.redhat.com/security/cve/CVE-2016-1031 https://access.redhat.com/security/cve/CVE-2016-1032 https://access.redhat.com/security/cve/CVE-2016-1033 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https://helpx.adobe.com/security/products/flash-player/apsa16-01.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXB6r+XlSAg2UNWIIRAqXEAJ44jFWW6WMUgRPSAbP4oztN8yiEwQCgvxUu G9PFZU0Qlj7WStliuEGAtVg= =hje9 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.16

sources: NVD: CVE-2016-1006 // JVNDB: JVNDB-2016-002086 // BID: 85927 // VULHUB: VHN-88798 // VULMON: CVE-2016-1006 // PACKETSTORM: 136616

AFFECTED PRODUCTS

vendor:	adobe	model:	flash player	scope:	lte	version:	11.2.202.577	Trust: 1.0
vendor:	adobe	model:	air sdk \& compiler	scope:	lte	version:	21.0.0.176	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lte	version:	18.0.0.333	Trust: 1.0
vendor:	adobe	model:	air sdk	scope:	lte	version:	21.0.0.176	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lte	version:	21.0.0.197	Trust: 1.0
vendor:	adobe	model:	flash player desktop runtime	scope:	lte	version:	21.0.0.197	Trust: 1.0
vendor:	adobe	model:	air desktop runtime	scope:	lte	version:	21.0.0.176	Trust: 1.0
vendor:	google	model:	chrome	scope:	-	version:	-	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	11.2.202.616 (linux)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	21.0.0.213 (windows 10 edition microsoft edge/internet explorer 11)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	21.0.0.213 (windows 8.1 edition internet explorer 11)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	21.0.0.213 (windows/macintosh/linux/chromeos edition chrome)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	desktop runtime 21.0.0.213 (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	continuous support release 18.0.0.343 (windows/macintosh)	Trust: 0.8
vendor:	microsoft	model:	windows 10	scope:	eq	version:	for 32-bit systems	Trust: 0.8
vendor:	microsoft	model:	windows 10	scope:	eq	version:	for x64-based systems	Trust: 0.8
vendor:	microsoft	model:	windows 10	scope:	eq	version:	version 1511 for 32-bit systems	Trust: 0.8
vendor:	microsoft	model:	windows 10	scope:	eq	version:	version 1511 for x64-based systems	Trust: 0.8
vendor:	microsoft	model:	windows 8.1	scope:	eq	version:	for 32-bit systems	Trust: 0.8
vendor:	microsoft	model:	windows 8.1	scope:	eq	version:	for x64-based systems	Trust: 0.8
vendor:	microsoft	model:	windows rt 8.1	scope:	-	version:	-	Trust: 0.8
vendor:	microsoft	model:	windows server 2012	scope:	eq	version:	none	Trust: 0.8
vendor:	microsoft	model:	windows server 2012	scope:	eq	version:	r2	Trust: 0.8
vendor:	microsoft	model:	windows 10	scope:	-	version:	-	Trust: 0.6
vendor:	red	model:	hat enterprise linux workstation supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux supplementary server	scope:	eq	version:	5	Trust: 0.3
vendor:	red	model:	hat enterprise linux server supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop supplementary client	scope:	eq	version:	5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.53.64	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.51.66	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.452	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.3218	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.22.87	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.15.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.12.36	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.12.35	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.262	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.2460	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.152.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.151.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.124.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.48.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.47.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.45.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.31.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.289.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.283.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.280	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.28.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.277.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.262.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.260.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.246.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.159.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.155.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.115.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8.0.35.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8.0.34.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.73.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.70.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.69.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.68.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.67.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.66.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.61.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.60.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.53.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.24.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.19.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.14.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	6.0.79	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	6.0.21.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.235	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.233	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.229	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.228	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.223	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.112.61	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.9	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.63	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.62	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.55	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.228	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.0.1.152	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.25	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.23	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.22	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.21	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.4	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.34	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.26	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.23	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.22	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.16	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.14	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.159.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.157.51	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.156.12	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.28	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.27	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.25	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.24	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.18	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.13	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.153.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.33	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.32	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.21	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.95.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.95.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.92.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.92.10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.85.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.82.76	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.52.15	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.52.14.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.106.16	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.105.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.102.65	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.102.64	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.42.34	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.32.18	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9130	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9120	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.2	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.2080	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.2070	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.1.0.4880	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.0	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1.1961	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6.19140	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6.19120	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.5.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2.12610	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.01	Trust: 0.3

sources: BID: 85927 // JVNDB: JVNDB-2016-002086 // CNNVD: CNNVD-201604-101 // NVD: CVE-2016-1006

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1006
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1006
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201604-101
value:	HIGH
Trust: 0.6
VULHUB:	VHN-88798
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2016-1006
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1006
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	CVE-2016-1006
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-88798
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1006
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2016-1006
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-88798 // VULMON: CVE-2016-1006 // JVNDB: JVNDB-2016-002086 // CNNVD: CNNVD-201604-101 // NVD: CVE-2016-1006

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8
problemtype:	CWE-254	Trust: 0.1

sources: VULHUB: VHN-88798 // JVNDB: JVNDB-2016-002086 // NVD: CVE-2016-1006

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-101

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201604-101

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002086

PATCH

title:	APSB16-10	url:	http://helpx.adobe.com/security/products/flash-player/apsb16-10.html	Trust: 0.8
title:	APSB16-10	url:	http://helpx.adobe.com/jp/security/products/flash-player/apsb16-10.html	Trust: 0.8
title:	Google Chrome	url:	https://www.google.com/intl/ja/chrome/browser/features.html	Trust: 0.8
title:	Chrome Releases	url:	http://googlechromereleases.blogspot.jp/	Trust: 0.8
title:	Google Chrome を更新する	url:	https://support.google.com/chrome/answer/95414?hl=ja	Trust: 0.8
title:	Security Update for Adobe Flash Player (3154132)	url:	https://technet.microsoft.com/en-us/library/security/MS16-050.aspx	Trust: 0.8
title:	Adobe Flash Player のセキュリティ更新プログラム (3154132)	url:	https://technet.microsoft.com/ja-jp/library/security/MS16-050.aspx	Trust: 0.8
title:	アドビシステムズ社 Adobe Flash Player の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20160411f.html	Trust: 0.8
title:	Adobe Flash Player Remediation measures for reusing vulnerabilities after release	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=60832	Trust: 0.6
title:	Red Hat: CVE-2016-1006	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-1006	Trust: 0.1
title:	CVE-Study	url:	https://github.com/thdusdl1219/CVE-Study	Trust: 0.1

sources: VULMON: CVE-2016-1006 // JVNDB: JVNDB-2016-002086 // CNNVD: CNNVD-201604-101

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1006	Trust: 3.0
db:	SECTRACK	id:	1035509	Trust: 1.8
db:	JVNDB	id:	JVNDB-2016-002086	Trust: 0.8
db:	CNNVD	id:	CNNVD-201604-101	Trust: 0.6
db:	BID	id:	85927	Trust: 0.5
db:	PACKETSTORM	id:	136616	Trust: 0.2
db:	VULHUB	id:	VHN-88798	Trust: 0.1
db:	VULMON	id:	CVE-2016-1006	Trust: 0.1

sources: VULHUB: VHN-88798 // VULMON: CVE-2016-1006 // BID: 85927 // JVNDB: JVNDB-2016-002086 // PACKETSTORM: 136616 // CNNVD: CNNVD-201604-101 // NVD: CVE-2016-1006

REFERENCES

url:	https://helpx.adobe.com/security/products/flash-player/apsb16-10.html	Trust: 2.2
url:	http://rhn.redhat.com/errata/rhsa-2016-0610.html	Trust: 1.9
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050	Trust: 1.8
url:	http://www.securitytracker.com/id/1035509	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1006	Trust: 0.8
url:	https://www.ipa.go.jp/security/ciadr/vul/20160406-adobeflashplayer.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2016/at160016.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1006	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=18124	Trust: 0.8
url:	https://www.adobe.com/software/flash/about/	Trust: 0.3
url:	http://www.adobe.com	Trust: 0.3
url:	https://technet.microsoft.com/library/security/ms16-050	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2016-1006	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/85927	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1017	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1022	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1016	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1021	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1027	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1016	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1026	Trust: 0.1
url:	https://helpx.adobe.com/security/products/flash-player/apsa16-01.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1028	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1019	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1017	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1013	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1020	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1023	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1028	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1011	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1026	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1029	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1022	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1030	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1011	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1019	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1012	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1030	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1020	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1015	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1014	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1025	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1006	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1018	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1014	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1015	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1033	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1031	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1027	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1021	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1013	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1023	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1024	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1031	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1012	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1033	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1024	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1025	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1018	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1032	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1029	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1032	Trust: 0.1

sources: VULHUB: VHN-88798 // VULMON: CVE-2016-1006 // BID: 85927 // JVNDB: JVNDB-2016-002086 // PACKETSTORM: 136616 // CNNVD: CNNVD-201604-101 // NVD: CVE-2016-1006

CREDITS

Kang Yang of Qihoo 360

Trust: 0.6

sources: CNNVD: CNNVD-201604-101

SOURCES

db:	VULHUB	id:	VHN-88798
db:	VULMON	id:	CVE-2016-1006
db:	BID	id:	85927
db:	JVNDB	id:	JVNDB-2016-002086
db:	PACKETSTORM	id:	136616
db:	CNNVD	id:	CNNVD-201604-101
db:	NVD	id:	CVE-2016-1006

LAST UPDATE DATE

2024-08-14T13:32:09.932000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-88798	date:	2023-01-26T00:00:00
db:	VULMON	id:	CVE-2016-1006	date:	2023-01-26T00:00:00
db:	BID	id:	85927	date:	2016-07-06T14:26:00
db:	JVNDB	id:	JVNDB-2016-002086	date:	2016-04-19T00:00:00
db:	CNNVD	id:	CNNVD-201604-101	date:	2023-01-28T00:00:00
db:	NVD	id:	CVE-2016-1006	date:	2023-01-26T18:36:19.460

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-88798	date:	2016-04-09T00:00:00
db:	VULMON	id:	CVE-2016-1006	date:	2016-04-09T00:00:00
db:	BID	id:	85927	date:	2016-04-07T00:00:00
db:	JVNDB	id:	JVNDB-2016-002086	date:	2016-04-19T00:00:00
db:	PACKETSTORM	id:	136616	date:	2016-04-08T22:04:53
db:	CNNVD	id:	CNNVD-201604-101	date:	2016-04-08T00:00:00
db:	NVD	id:	CVE-2016-1006	date:	2016-04-09T01:59:26.387