Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2016-0998

Published: 12/03/2016 Updated: 14/12/2022
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 940
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Flash Player

Vulnerability Summary

Use-after-free vulnerability in Adobe Flash Player prior to 18.0.0.333 and 19.x up to and including 21.x prior to 21.0.0.182 on Windows and OS X and prior to 11.2.202.577 on Linux, Adobe AIR prior to 21.0.0.176, Adobe AIR SDK prior to 21.0.0.176, and Adobe AIR SDK & Compiler prior to 21.0.0.176 allows malicious users to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0999, and CVE-2016-1000.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

adobe flash_player

adobe air

adobe air_sdk

samsung x14j_firmware t-ms14jakucb-1102.5

adobe flash_player_desktop_runtime

adobe air_desktop_runtime

adobe air_sdk_\\&_compiler

Vendor Advisories

Red Hat: CVE-2016-0998
Use-after-free vulnerability in Adobe Flash Player before 1800333 and 19x through 21x before 2100182 on Windows and OS X and before 112202577 on Linux, Adobe AIR before 2100176, Adobe AIR SDK before 2100176, and Adobe AIR SDK & Compiler before 2100176 allows attackers to execute arbitrary code via unspecified vectors, a diff ...

Exploits

Exploit DB: Adobe Flash - Uninitialized Stack Parameter Access in Object.unwatch UaF Fix
Source: bugschromiumorg/p/project-zero/issues/detail?id=716 The ActionScript parameter conversion in the fix for an issue in the December Flash bulletin (helpxadobecom/security/products/flash-player/apsb15-32html, most likely one of the UaFs reported by Yuki Chen) can sometimes access a parameter on the native stack that is un ...
Exploit DB: Adobe Flash - Object.unwatch Use-After-Free
Sources: bugschromiumorg/p/project-zero/issues/detail?id=716 googleprojectzeroblogspotca/2016/03/life-after-isolated-heaphtml The bug is an uninitialized variable in the fix to an ActionScript 2 use-after-free bug Roughly 80 of these types of issues have been fixed by Adobe in the past year, and two uninitialized variable is ...

References

CWE-416https://helpx.adobe.com/security/products/flash-player/apsb16-08.htmlhttp://www.securityfocus.com/bid/84312http://www.securitytracker.com/id/1035251http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.htmlhttps://security.gentoo.org/glsa/201603-07http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.htmlhttps://www.exploit-db.com/exploits/39631/https://www.exploit-db.com/exploits/39612/https://nvd.nist.govhttps://www.exploit-db.com/exploits/39612/https://access.redhat.com/security/cve/cve-2016-0998
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook