CVE-2016-1102
published 2016-05-11CVE-2016-1102: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and…
PriorityP263high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EXPLOIT
EPSS
39.65%
98.4th percentile
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | air_desktop_runtime | <= 21.0.0.198 | — |
| adobe | air_sdk | <= 21.0.0.198 | — |
| adobe | air_sdk_compiler | <= 21.0.0.198 | — |
| adobe | flash_player | <= 21.0.0.241 | — |
| adobe | flash_player | <= 18.0.0.343 | — |
| adobe | flash_player | <= 11.2.202.616 | — |
| adobe | flash_player | <= 21.0.0.216 | — |
| adobe | flash_player | <= 21.0.0.213 | — |
| adobe | flash_player_desktop_runtime | <= 21.0.0.226 | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- ·CVE-2016-1102 is described as an unspecified memory corruption vulnerability in Adobe Flash Player (before 18.0.0.352, 19.x–21.x before 21.0.0.242 on Windows/OS X, before 11.2.202.621 on Linux). No attack vectors, payloads, or exploitation details are publicly disclosed in the available sources. ↗
- ·CVE-2016-1102 is grouped with a broad set of memory corruption CVEs (CVE-2016-1096, CVE-2016-1098 through CVE-2016-1104, CVE-2016-4109 through CVE-2016-4163) all fixed in the same Adobe Flash release (APSB16-15). No distinguishing technical indicators are available to differentiate CVE-2016-1102 from the others in this batch. ↗
- ·The Exploit-DB entry (39824) covers a separate JXR out-of-bounds read issue in Adobe Flash and is not specifically attributed to CVE-2016-1102 in the source material. No concrete IOCs (hashes, URLs, commands) are extractable from the available sources for CVE-2016-1102. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
osv7.5HIGH
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-15
vendor_redhat·2016-05-10·CVSS 7.5
CVE-2016-1102 [HIGH] flash-plugin: multiple code execution issues fixed in APSB16-15
flash-plugin: multiple code execution issues fixed in APSB16-15
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-15
vendor_redhat·2016-05-10·CVSS 7.5
CVE-2016-4161 [HIGH] flash-plugin: multiple code execution issues fixed in APSB16-15
flash-plugin: multiple code execution issues fixed in APSB16-15
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4162, and CVE-2016-4163.
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-15
vendor_redhat·2016-05-10·CVSS 7.5
CVE-2016-4160 [HIGH] flash-plugin: multiple code execution issues fixed in APSB16-15
flash-plugin: multiple code execution issues fixed in APSB16-15
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163.
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-15
vendor_redhat·2016-05-10·CVSS 7.5
CVE-2016-4120 [HIGH] flash-plugin: multiple code execution issues fixed in APSB16-15
flash-plugin: multiple code execution issues fixed in APSB16-15
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163.
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-15
vendor_redhat·2016-05-10·CVSS 7.5
CVE-2016-4162 [HIGH] flash-plugin: multiple code execution issues fixed in APSB16-15
flash-plugin: multiple code execution issues fixed in APSB16-15
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, and CVE-2016-4163.
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-15
vendor_redhat·2016-05-10·CVSS 7.5
CVE-2016-4163 [HIGH] flash-plugin: multiple code execution issues fixed in APSB16-15
flash-plugin: multiple code execution issues fixed in APSB16-15
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, and CVE-2016-4162.
GHSA
GHSA-6qg9-8776-fggx: Unspecified vulnerability in Adobe Flash Player 21
ghsa_unreviewed·2022-05-14
CVE-2016-1102 [HIGH] GHSA-6qg9-8776-fggx: Unspecified vulnerability in Adobe Flash Player 21
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
GHSA
GHSA-6gc7-g2p6-mq5h: Adobe Flash Player before 18
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2016-4161 [HIGH] CWE-119 GHSA-6gc7-g2p6-mq5h: Adobe Flash Player before 18
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4162, and CVE-2016-4163.
GHSA
GHSA-6hcp-v9xq-2g4x: Adobe Flash Player before 18
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2016-4163 [HIGH] CWE-119 GHSA-6hcp-v9xq-2g4x: Adobe Flash Player before 18
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, and CVE-2016-4162.
GHSA
GHSA-799p-jh5j-8wjj: Adobe Flash Player before 18
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2016-4160 [HIGH] CWE-119 GHSA-799p-jh5j-8wjj: Adobe Flash Player before 18
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163.
GHSA
GHSA-3g5f-wchp-h22r: Adobe Flash Player before 18
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2016-4120 [HIGH] CWE-119 GHSA-3g5f-wchp-h22r: Adobe Flash Player before 18
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163.
GHSA
GHSA-48g8-vqvw-2wfm: Adobe Flash Player before 18
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2016-4162 [HIGH] CWE-119 GHSA-48g8-vqvw-2wfm: Adobe Flash Player before 18
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, and CVE-2016-4163.
OSV
CVE-2016-4160: Adobe Flash Player before 18
osv·2016-06-16·CVSS 7.5
CVE-2016-4160 [HIGH] CVE-2016-4160: Adobe Flash Player before 18
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163.
OSV
CVE-2016-4163: Adobe Flash Player before 18
osv·2016-06-16·CVSS 7.5
CVE-2016-4163 [HIGH] CVE-2016-4163: Adobe Flash Player before 18
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, and CVE-2016-4162.
OSV
CVE-2016-4120: Adobe Flash Player before 18
osv·2016-06-16·CVSS 7.5
CVE-2016-4120 [HIGH] CVE-2016-4120: Adobe Flash Player before 18
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163.
OSV
CVE-2016-4161: Adobe Flash Player before 18
osv·2016-06-16·CVSS 7.5
CVE-2016-4161 [HIGH] CVE-2016-4161: Adobe Flash Player before 18
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4162, and CVE-2016-4163.
OSV
CVE-2016-4162: Adobe Flash Player before 18
osv·2016-06-16·CVSS 7.5
CVE-2016-4162 [HIGH] CVE-2016-4162: Adobe Flash Player before 18
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, and CVE-2016-4163.
No detection rules found.
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.htmlhttp://packetstormsecurity.com/files/137053/Adobe-Flash-JXR-Processing-Out-Of-Bounds-Read.htmlhttp://rhn.redhat.com/errata/RHSA-2016-1079.htmlhttp://www.securityfocus.com/bid/90618http://www.securitytracker.com/id/1035827https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-064https://helpx.adobe.com/security/products/flash-player/apsb16-15.htmlhttps://www.exploit-db.com/exploits/39824/http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.htmlhttp://packetstormsecurity.com/files/137053/Adobe-Flash-JXR-Processing-Out-Of-Bounds-Read.htmlhttp://rhn.redhat.com/errata/RHSA-2016-1079.htmlhttp://www.securityfocus.com/bid/90618http://www.securitytracker.com/id/1035827https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-064https://helpx.adobe.com/security/products/flash-player/apsb16-15.htmlhttps://www.exploit-db.com/exploits/39824/
2016-05-11
Published