CVE-2016-1019

KEV

🔴 Łataj teraz

Błąd w Adobe Flash Player umożliwia zdalnym atakującym awarię aplikacji lub wykonanie kodu.

CVSS

9.8

EPSS

58.0%

Exploit

weaponized

Vendor

adobe

Opis źródłowy (NVD)

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.

dos Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	9.8
CISA KEV (aktywnie wykorzystywane)	Tak
FIRST EPSS (prawdopodobieństwo exploita)	58.0%
Opublikowano (NVD)	2016-04-07 10:59:01 UTC
Ostatnia modyfikacja (NVD)	2026-04-21 21:08:11 UTC

Referencje

http://blogs.adobe.com/psirt/?p=1330 (psirt@adobe.com) [Broken Link, Vendor Advisory]
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00009.html (psirt@adobe.com) [Broken Link]
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00010.html (psirt@adobe.com) [Broken Link]
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00012.html (psirt@adobe.com) [Broken Link]
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00055.html (psirt@adobe.com) [Broken Link]
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html (psirt@adobe.com) [Broken Link]
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html (psirt@adobe.com) [Broken Link]
http://rhn.redhat.com/errata/RHSA-2016-0610.html (psirt@adobe.com) [Third Party Advisory]
http://www.securityfocus.com/bid/85856 (psirt@adobe.com) [Broken Link, Third Party Advisory, VDB Entry]
http://www.securitytracker.com/id/1035491 (psirt@adobe.com) [Broken Link, Third Party Advisory, VDB Entry]
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050 (psirt@adobe.com) [Patch, Third Party Advisory, Vendor Advisory]
https://helpx.adobe.com/security/products/flash-player/apsa16-01.html (psirt@adobe.com) [Vendor Advisory]
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html (psirt@adobe.com) [Vendor Advisory]
https://security.gentoo.org/glsa/201606-08 (psirt@adobe.com) [Third Party Advisory]
https://www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.html (psirt@adobe.com) [Broken Link]
https://github.com/cisagov/vulnrichment/issues/196 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [Issue Tracking]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-1019 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]