CVE-2016-1105
Adobe Flash - Type Confusion in FileReference Constructor
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.213 y versiones anteriores, segĂșn se utiliza en las librerĂas Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene impacto y vectores de ataque desconocidos, una vulnerabilidad diferente a otras CVEs listadas en MS16-064.
Adobe Flash suffers from a type confusion vulnerability in the FileReference constructor.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-12-22 CVE Reserved
- 2016-05-11 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-09-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/137056/Adobe-Flash-FileReference-Type-Confusion.html | X_refsource_misc | |
http://www.securitytracker.com/id/1035827 | Vdb Entry | |
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/39829 | 2024-08-05 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Edge Search vendor "Microsoft" for product "Edge" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 10 Search vendor "Microsoft" for product "Internet Explorer" and version "10" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 11 Search vendor "Microsoft" for product "Internet Explorer" and version "11" | - |
Affected
| ||||||
Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 21.0.0.213 Search vendor "Adobe" for product "Flash Player" and version " <= 21.0.0.213" | - |
Affected
|