CVE-2016-1010

KEV

🔴 Łataj teraz

Przepełnienie całkowitej liczby w Adobe Flash Player umożliwia zdalne wykonanie kodu.

CVSS

8.8

EPSS

12.7%

Exploit

weaponized

Vendor

adobe

Opis źródłowy (NVD)

Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993.

brak Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	8.8
CISA KEV (aktywnie wykorzystywane)	Tak
FIRST EPSS (prawdopodobieństwo exploita)	12.7%
Opublikowano (NVD)	2016-03-12 15:59:25 UTC
Ostatnia modyfikacja (NVD)	2026-04-22 12:21:58 UTC

Referencje

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html (psirt@adobe.com) [Mailing List, Third Party Advisory]
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html (psirt@adobe.com) [Mailing List, Third Party Advisory]
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html (psirt@adobe.com) [Mailing List, Third Party Advisory]
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html (psirt@adobe.com) [Mailing List, Third Party Advisory]
http://www.securityfocus.com/bid/84308 (psirt@adobe.com) [Broken Link, Third Party Advisory, VDB Entry]
http://www.securitytracker.com/id/1035251 (psirt@adobe.com) [Broken Link, Third Party Advisory, VDB Entry]
https://helpx.adobe.com/security/products/flash-player/apsb16-08.html (psirt@adobe.com) [Patch, Vendor Advisory]
https://security.gentoo.org/glsa/201603-07 (psirt@adobe.com) [Third Party Advisory]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-1010 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]