Vulnerability CVE-2016-1000

Vulnerability Name:

CVE-2016-1000 (CCN-111428)

Assigned:

2015-12-22

Published:

2016-03-10

Updated:

2022-12-14

Summary:

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2016-1000

Source: CCN
Type: Google Chrome Releases Web site
Stable Channel Refresh

Source: psirt@adobe.com
Type: Broken Link, Mailing List, Third Party Advisory
psirt@adobe.com

Source: psirt@adobe.com
Type: Broken Link, Mailing List, Third Party Advisory
psirt@adobe.com

Source: psirt@adobe.com
Type: Broken Link, Mailing List, Third Party Advisory
psirt@adobe.com

Source: psirt@adobe.com
Type: Broken Link, Mailing List, Third Party Advisory
psirt@adobe.com

Source: CCN
Type: RHSA-2016-0438
Critical: flash-plugin security update

Source: psirt@adobe.com
Type: Third Party Advisory
psirt@adobe.com

Source: psirt@adobe.com
Type: Third Party Advisory
psirt@adobe.com

Source: CCN
Type: Microsoft Security Bulletin MS16-036
Security Update for Adobe Flash Player (3144756)

Source: CCN
Type: BID-84312
Adobe Flash Player and AIR APSB16-08 Multiple Use After Free Remote Code Execution Vulnerabilities

Source: psirt@adobe.com
Type: Broken Link, Third Party Advisory, VDB Entry
psirt@adobe.com

Source: psirt@adobe.com
Type: Broken Link, Third Party Advisory, VDB Entry
psirt@adobe.com

Source: XF
Type: UNKNOWN
adobe-flash-cve20161000-code-exec(111428)

Source: CCN
Type: Adobe Security Bulletin APSB16-08
Security updates available for Adobe Flash Player

Source: psirt@adobe.com
Type: Patch, Vendor Advisory
psirt@adobe.com

Source: CCN
Type: Packet Storm Security [03-22-2016]
Adobe Flash Sprite Creation Use-After-Free

Source: psirt@adobe.com
Type: Third Party Advisory
psirt@adobe.com

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [03-23-2016]

Source: psirt@adobe.com
Type: Exploit, Third Party Advisory, VDB Entry
psirt@adobe.com

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-1000

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:adobe:flash_player:21.0.0.182:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:21.0.0.182:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux_server_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:*

OR cpe:/o:microsoft:windows_8.1:::~~~~x64~:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_10:::~~~~x64~:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_supplementary_eus:6.7.z:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20161000	V	CVE-2016-1000	2022-05-20
oval:org.opensuse.security:def:56102	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:55271	P	Security update for postgresql10 (Important)	2021-11-22
oval:org.opensuse.security:def:57497	P	Security update for aspell (Important)	2021-08-25
oval:org.opensuse.security:def:55936	P	Security update for fetchmail (Moderate)	2021-08-18
oval:org.opensuse.security:def:47124	P	perl-HTML-Parser-3.71-1.145 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47982	P	cups-1.7.5-20.23.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47251	P	evince-3.20.1-5.66 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47928	P	xorg-x11-server-1.19.6-2.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47187	P	xorg-x11-libs-7.6-45.14 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47062	P	libpng16-16-1.6.8-11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48045	P	ibus-chewing-1.4.14-4.11 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47290	P	ipsec-tools-0.8.0-18.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46978	P	kdump-0.8.15-28.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47991	P	dhcp-4.3.3-10.16.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47125	P	perl-LWP-Protocol-https-6.04-5.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47219	P	chrony-2.3-3.110 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47353	P	libhivex0-1.3.10-4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47041	P	liblcms1-1.19-17.28 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47188	P	xorg-x11-server-7.6_1.18.3-57.34 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47282	P	guile-2.0.9-8.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:11379	P	libmspack0-0.4-3.64 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11899	P	libjbig2-2.0-12.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46827	P	python-imaging-1.1.7-21.15 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11748	P	xorg-x11-libs-7.6-45.14 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11621	P	libmms0-0.6.2-15.8 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46526	P	libvorbis-doc-1.3.3-8.23 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11494	P	argyllcms-1.6.3-1.179 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12352	P	strongswan-5.1.3-25.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11890	P	libgssglue1-0.4-3.83 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46680	P	ibus-chewing-1.4.10.1-2.25 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11729	P	telepathy-idle-0.2.0-1.62 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11599	P	libexif12-0.6.21-6.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46394	P	coreutils-8.22-5.17 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11447	P	python-imaging-1.1.7-21.15 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12330	P	python-cupshelpers-1.5.7-7.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46589	P	vino-3.10.1-1.81 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11628	P	libopenssl0_9_8-0.9.8j-81.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11714	P	rsyslog-8.4.0-8.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12572	P	libltdl7-2.4.2-17.4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11371	P	libjbig2-2.0-12.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11692	P	perl-LWP-Protocol-https-6.04-5.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46457	P	libXfixes3-32bit-5.0.1-3.53 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11603	P	libgadu3-1.11.4-1.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11667	P	libxml2-2-2.9.1-10.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12550	P	libgme0-0.6.0-5.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11848	P	libFLAC++6-1.3.0-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11679	P	openslp-2.0.0-5.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46764	P	libpython3_4m1_0-3.4.1-12.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11591	P	libarchive13-3.1.2-9.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11528	P	evince-3.10.3-1.213 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11401	P	libsmi-0.4.8-18.63 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11912	P	libmspack0-0.4-14.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11823	P	gpg2-2.0.24-3.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11670	P	libzmq3-4.0.4-13.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46617	P	apache2-mod_perl-2.0.8-11.43 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11509	P	cpp48-4.8.5-24.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:56028	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:55906	P	Security update for polkit (Important)	2021-06-03
oval:org.opensuse.security:def:57571	P	Security update for openssl (Moderate)	2021-03-24
oval:org.opensuse.security:def:46082	P	Security update for openssl (Moderate)	2021-03-19
oval:org.opensuse.security:def:46131	P	Security update for php53 (Important)	2021-03-17
oval:org.opensuse.security:def:55832	P	Security update for openssh (Moderate)	2021-01-05
oval:org.opensuse.security:def:55828	P	Security update for dovecot22 (Important)	2021-01-04
oval:org.opensuse.security:def:54698	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:28873	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:54697	P	Security update for clamav (Important)	2020-12-22
oval:org.opensuse.security:def:24717	P	Security update for perl-PlRPC (Moderate)	2020-12-01
oval:org.opensuse.security:def:53943	P	cups-pk-helper on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25877	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:27459	P	libmikmod on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53433	P	Security update for nodejs8 (Critical)	2020-12-01
oval:org.opensuse.security:def:24374	P	Security update for libarchive (Moderate)	2020-12-01
oval:org.opensuse.security:def:27662	P	Security update for Ruby On Rails	2020-12-01
oval:org.opensuse.security:def:55377	P	rsyslog on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54271	P	libid3tag0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25141	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:54720	P	aaa_base on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28089	P	Security update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:54255	P	libblkid1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46069	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:24943	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:53032	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:24636	P	Security update for man (Moderate)	2020-12-01
oval:org.opensuse.security:def:53658	P	Security update for grub2 (Important)	2020-12-01
oval:org.opensuse.security:def:25842	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27458	P	libldb-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53195	P	Security update for ovmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:54556	P	libidn11 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46145	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25059	P	Security update for apache2-mod_auth_openidc (Important)	2020-12-01
oval:org.opensuse.security:def:28235	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:54163	P	busybox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25097	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:28036	P	Security update for bzr (Moderate)	2020-12-01
oval:org.opensuse.security:def:54217	P	gzip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24437	P	Security update for systemd (Moderate)	2020-12-01
oval:org.opensuse.security:def:24793	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:24510	P	Security update for libsolv, libzypp, zypper (Moderate)	2020-12-01
oval:org.opensuse.security:def:53492	P	Security update for perl (Important)	2020-12-01
oval:org.opensuse.security:def:25204	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:52835	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:54475	P	gdm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46132	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25006	P	Security update for apache-commons-beanutils (Important)	2020-12-01
oval:org.opensuse.security:def:28191	P	Security update for libapr1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:46068	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:55098	P	elfutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53878	P	Security update for MozillaThunderbird and mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:25083	P	Security update for LibVNCServer (Critical)	2020-12-01
oval:org.opensuse.security:def:46202	P	Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:27885	P	Security update for rubygem-mail-2_3	2020-12-01
oval:org.opensuse.security:def:54143	P	xlockmore on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27534	P	perl-Tk-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24710	P	Security update for python-ipaddress (Important)	2020-12-01
oval:org.opensuse.security:def:24384	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:53386	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25160	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:55686	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:52813	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:54437	P	coreutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24856	P	Security update for djvulibre (Low)	2020-12-01
oval:org.opensuse.security:def:28177	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:54860	P	libfreebl3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53712	P	Security update for u-boot (Important)	2020-12-01
oval:org.opensuse.security:def:56221	P	Security update for binutils (Moderate)	2020-12-01
oval:org.opensuse.security:def:53055	P	Security update for python-waitress (Moderate)	2020-12-01
oval:org.opensuse.security:def:27801	P	Security update for MySQL	2020-12-01
oval:org.opensuse.security:def:27470	P	libpcp3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24654	P	Security update for git (Moderate)	2020-12-01
oval:org.opensuse.security:def:25814	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:53213	P	Security update for mariadb, mariadb-connector-c (Important)	2020-12-01
oval:org.opensuse.security:def:25146	P	Security update for man (Moderate)	2020-12-01
oval:org.opensuse.security:def:55612	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:46265	P	Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:54363	P	python on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24773	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:54051	P	libpolkit0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24447	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:53606	P	Security update for apache2 (Important)	2020-12-01
oval:org.opensuse.security:def:56140	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:53033	P	Security update for librsvg (Moderate)	2020-12-01
oval:org.opensuse.security:def:27744	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:28908	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:52812	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:24573	P	Security update for mailman (Important)	2020-12-01
oval:org.opensuse.security:def:55543	P	Security update for augeas (Moderate)	2020-12-01
oval:org.opensuse.security:def:25779	P	Security update for the SUSE Linux Enterprise 12 kernel (Important)	2020-12-01
oval:org.opensuse.security:def:52975	P	Security update for python-ecdsa (Moderate)	2020-12-01
oval:org.opensuse.security:def:28138	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:54336	P	mipv6d on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24996	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:com.ubuntu.precise:def:20161000000	V	CVE-2016-1000 on Ubuntu 12.04 LTS (precise) - medium.	2016-03-12
oval:com.ubuntu.trusty:def:20161000000	V	CVE-2016-1000 on Ubuntu 14.04 LTS (trusty) - medium.	2016-03-12
oval:com.redhat.rhsa:def:20160438	P	RHSA-2016:0438: flash-plugin security update (Critical)	2016-03-11
oval:org.opensuse.security:def:78540	P	Security update for flash-player (Important)	2016-03-11
oval:org.opensuse.security:def:80205	P	Security update for flash-player (Important)	2016-03-11
oval:org.opensuse.security:def:78320	P	Security update for flash-player (Important)	2016-03-11

BACK