Vulnerability CVE-2016-0964

Vulnerability Name:

CVE-2016-0964 (CCN-110481)

Assigned:

2015-12-22

Published:

2016-02-09

Updated:

2023-01-26

Summary:

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2016-0964

Source: CCN
Type: Google Chrome Releases Web site
Stable Channel Refresh

Source: psirt@adobe.com
Type: Broken Link, Third Party Advisory
psirt@adobe.com

Source: psirt@adobe.com
Type: Broken Link, Third Party Advisory
psirt@adobe.com

Source: psirt@adobe.com
Type: Broken Link, Third Party Advisory
psirt@adobe.com

Source: psirt@adobe.com
Type: Broken Link, Third Party Advisory
psirt@adobe.com

Source: CCN
Type: RHSA-2016-0166
Critical: flash-plugin security update

Source: psirt@adobe.com
Type: Third Party Advisory
psirt@adobe.com

Source: CCN
Type: Microsoft Security Bulletin MS16-022
Security Update for Adobe Flash Player (3135782)

Source: CCN
Type: Microsoft Security Bulletin MS16-036
Security Update for Adobe Flash Player (3144756)

Source: psirt@adobe.com
Type: Broken Link, Third Party Advisory, VDB Entry
psirt@adobe.com

Source: XF
Type: UNKNOWN
adobe-flash-cve20160964-code-exec(110481)

Source: CCN
Type: Adobe Security Bulletin APSB16-04
Security updates available for Adobe Flash Player

Source: psirt@adobe.com
Type: Patch, Vendor Advisory
psirt@adobe.com

Source: CCN
Type: Packet Storm Security [02-17-2016]
Adobe Flash BitmapData.drawWithQuality Heap Overflow

Source: psirt@adobe.com
Type: Third Party Advisory
psirt@adobe.com

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [02-17-2016]

Source: psirt@adobe.com
Type: Exploit, Third Party Advisory, VDB Entry
psirt@adobe.com

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-0964

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:adobe:flash_player:20.0.0.306:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:20.0.0.306:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:20.0.0.306::~~~internet_explorer~~:*:*:*:*:*

OR cpe:/a:adobe:flash_player:20.0.0.306:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux_server_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:*

OR cpe:/o:microsoft:windows_8.1:::~~~~x64~:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_10:::~~~~x64~:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_supplementary_eus:6.7.z:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:55542	P	Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Moderate) (in QA)	2023-04-20
oval:org.opensuse.security:def:20160964	V	CVE-2016-0964	2022-05-20
oval:org.opensuse.security:def:56101	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:46066	P	Security update for openssh (Important)	2021-12-01
oval:org.opensuse.security:def:55270	P	Security update for postgresql96 (Important)	2021-11-22
oval:org.opensuse.security:def:55935	P	Security update for MozillaFirefox (Important)	2021-08-17
oval:org.opensuse.security:def:47038	P	libjpeg-turbo-1.3.1-30.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47980	P	cron-4.2-59.10.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47248	P	elfutils-0.158-6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47926	P	xorg-x11-7.6_1-14.17 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47184	P	xinetd-2.3.15-7.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48042	P	hplip-3.16.11-1.33 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47288	P	hyper-v-7-13.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47988	P	davfs2-1.5.2-2.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47060	P	libpng12-0-1.2.50-13.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47217	P	busybox-1.21.1-3.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47350	P	libgraphite2-3-1.3.1-9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46976	P	java-1_8_0-openjdk-1.8.0.101-14.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47186	P	xorg-x11-7.6_1-14.17 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47122	P	perl-32bit-5.18.2-11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47279	P	gstreamer-plugins-good-1.8.3-15.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:11365	P	libgnomesu-1.0.0-352.84 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11883	P	libfreetype6-2.6.3-7.8.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46762	P	libpulse-mainloop-glib0-32bit-5.0-2.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11514	P	curl-7.37.0-15.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11605	P	libgcrypt20-1.6.1-16.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11807	P	freerdp-2.0.0~git.1463131968.4e66df7-11.69 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12338	P	radvd-1.9.7-2.17 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11874	P	libcgroup1-0.41.rc1-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46615	P	apache2-mod_jk-1.2.40-5.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11495	P	autofs-5.0.9-8.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11583	P	libXrandr2-1.4.2-3.56 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46824	P	procmail-3.22-267.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11732	P	unixODBC-2.3.1-4.95 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12316	P	pcsc-ccid-1.4.25-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46524	P	libupsclient1-2.7.1-4.55 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11480	P	xinetd-2.3.15-7.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12556	P	libical1-1.0.1-16.3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11357	P	libevent-2_0-5-2.0.21-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46677	P	hardlink-1.0-6.45 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11713	P	rsync-3.1.0-2.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11678	P	opensc-0.13.0-1.122 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46392	P	colord-gtk-lang-0.1.25-3.109 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11433	P	patch-2.7.1-5.191 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12534	P	libcairo-gobject2-1.15.2-25.3.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46586	P	tigervnc-1.3.0-17.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11614	P	libjpeg-turbo-1.3.1-30.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11698	P	ppp-2.4.7-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11665	P	libxcb-dri2-0-1.10-1.21 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11575	P	libXRes1-1.0.7-3.54 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46200	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:11387	P	libpng12-0-1.2.50-8.21 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11896	P	libjasper1-1.900.1-170.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46454	P	libXRes1-1.0.7-3.53 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11589	P	libXxf86dga1-1.1.4-3.59 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11651	P	libsoup-2_4-1-2.44.2-1.46 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11656	P	libtag1-1.9.1-1.265 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11832	P	hplip-3.14.6-3.14 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:56027	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:55890	P	Security update for gdm (Important)	2021-04-28
oval:org.opensuse.security:def:57570	P	Security update for nghttp2 (Important)	2021-03-24
oval:org.opensuse.security:def:57496	P	Security update for openvswitch (Important)	2021-02-02
oval:org.opensuse.security:def:55827	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:54697	P	Security update for clamav (Important)	2020-12-22
oval:org.opensuse.security:def:54696	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:28872	P	Security update for MozillaFirefox (Critical)	2020-12-21
oval:org.opensuse.security:def:24652	P	Security update for python-PyYAML (Important)	2020-12-01
oval:org.opensuse.security:def:25874	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:27458	P	libldb-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53199	P	Security update for ovmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:55816	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:24372	P	Security update for soundtouch (Moderate)	2020-12-01
oval:org.opensuse.security:def:46262	P	Security update for python-PyYAML (Important)	2020-12-01
oval:org.opensuse.security:def:54347	P	pam_krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24770	P	Security update for libcdio (Low)	2020-12-01
oval:org.opensuse.security:def:54037	P	liblzo2-2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25139	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:54719	P	NetworkManager on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53590	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:54241	P	libXfont1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46067	P	Security update for grub2 (Important)	2020-12-01
oval:org.opensuse.security:def:27743	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:53016	P	Security update for graphviz (Moderate)	2020-12-01
oval:org.opensuse.security:def:24571	P	Security update for cpio (Moderate)	2020-12-01
oval:org.opensuse.security:def:25839	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:27457	P	liblcms-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52961	P	Security update for postgresql10 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28137	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:54540	P	libecpg6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46142	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:24994	P	Security update for python3 (Important)	2020-12-01
oval:org.opensuse.security:def:28234	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:24714	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:53929	P	bash on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25095	P	Security update for mariadb-100 (Moderate)	2020-12-01
oval:org.opensuse.security:def:53417	P	Security update for nodejs10 (Important)	2020-12-01
oval:org.opensuse.security:def:54203	P	gdm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24434	P	Security update for sysstat (Low)	2020-12-01
oval:org.opensuse.security:def:27661	P	Security update for ruby	2020-12-01
oval:org.opensuse.security:def:24445	P	Security update for java-1_7_0-openjdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:55376	P	rsync on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54255	P	libblkid1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25201	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:52821	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:28088	P	Security update for ghostscript-library (Moderate)	2020-12-01
oval:org.opensuse.security:def:54459	P	emacs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46129	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:24941	P	Security update for java-1_7_0-openjdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:28190	P	Security update for libapr-util1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:24633	P	Security update for python3 (Important)	2020-12-01
oval:org.opensuse.security:def:53644	P	Security update for unbound (Important)	2020-12-01
oval:org.opensuse.security:def:25081	P	Security update for libarchive (Moderate)	2020-12-01
oval:org.opensuse.security:def:53179	P	Security update for ovmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:27533	P	perl-DBD-Pg on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25056	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:24382	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:54147	P	yast2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25157	P	Security update for shibboleth-sp (Moderate)	2020-12-01
oval:org.opensuse.security:def:55672	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:52799	P	Security update for the Linux Kernel (Live Patch 17 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:28035	P	Fixing security issues on OBS toolchain (Important)	2020-12-01
oval:org.opensuse.security:def:54421	P	alsa on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24791	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:28176	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:24507	P	Security update for apache-commons-beanutils (Important)	2020-12-01
oval:org.opensuse.security:def:53478	P	Security update for zstd (Moderate)	2020-12-01
oval:org.opensuse.security:def:56220	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:53039	P	Security update for libjpeg-turbo (Important)	2020-12-01
oval:org.opensuse.security:def:27469	P	libotr-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25003	P	Security update for mariadb-100 (Important)	2020-12-01
oval:org.opensuse.security:def:25812	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:46128	P	Security update for postgresql96 (Important)	2020-12-01
oval:org.opensuse.security:def:55097	P	ecryptfs-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53862	P	Security update for openconnect (Moderate)	2020-12-01
oval:org.opensuse.security:def:25143	P	Security update for soundtouch (Moderate)	2020-12-01
oval:org.opensuse.security:def:55598	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:27884	P	Security update for rubygem-i18n-0_6	2020-12-01
oval:org.opensuse.security:def:54129	P	telepathy-idle on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24708	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:24444	P	Security update for gnome-shell (Moderate)	2020-12-01
oval:org.opensuse.security:def:53372	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:56139	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:53017	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:28907	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:52798	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:24853	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25777	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:54859	P	libfbembed2_5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53696	P	Security update for libproxy (Important)	2020-12-01
oval:org.opensuse.security:def:54322	P	libvdpau1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46080	P	Security update for grub2 (Important)	2020-12-01
oval:org.opensuse.security:def:27800	P	Security update for libmspack (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20160166	P	RHSA-2016:0166: flash-plugin security update (Critical)	2016-02-10
oval:org.opensuse.security:def:78524	P	Security update for flash-player (Important)	2016-02-10
oval:com.ubuntu.precise:def:20160964000	V	CVE-2016-0964 on Ubuntu 12.04 LTS (precise) - medium.	2016-02-10
oval:com.ubuntu.trusty:def:20160964000	V	CVE-2016-0964 on Ubuntu 14.04 LTS (trusty) - medium.	2016-02-10
oval:org.opensuse.security:def:80204	P	Security update for flash-player (Important)	2016-02-10
oval:org.opensuse.security:def:78306	P	Security update for flash-player (Important)	2016-02-10

BACK