Vulnerability CVE-2016-1107

Vulnerability Name:

CVE-2016-1107 (CCN-113029)

Assigned:

2015-12-22

Published:

2016-05-11

Updated:

2018-10-12

Summary:

Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2016-1107

Source: SUSE
Type: UNKNOWN
SUSE-SU-2016:1305

Source: CCN
Type: RHSA-2016-1079
Critical: flash-plugin security update

Source: REDHAT
Type: UNKNOWN
RHSA-2016:1079

Source: SECTRACK
Type: UNKNOWN
1035827

Source: MS
Type: UNKNOWN
MS16-064

Source: XF
Type: UNKNOWN
adobe-flash-cve20161107-code-exec(113029)

Source: CCN
Type: Adobe Security Bulletin APSB16-15
Security updates available for Adobe Flash Player

Source: CONFIRM
Type: UNKNOWN
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 21.0.0.213)

Configuration 2:

cpe:/a:microsoft:edge:-:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:10:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:11:-:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:adobe:flash_player:21.0.0.226:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_8:-:-:-:*:-:-:x32:*

OR cpe:/o:microsoft:windows_8:*:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:*

OR cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:50.0.2661.75:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20161107	V	CVE-2016-1107	2022-05-20
oval:org.opensuse.security:def:55942	P	Security update for aspell (Important)	2021-08-25
oval:org.opensuse.security:def:46987	P	libQt5WebKit5-5.6.1-9.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47299	P	kdump-0.8.16-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47291	P	iputils-s20121221-2.17 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47071	P	libraptor2-0-2.0.10-3.63 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47050	P	libmspack0-0.4-14.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47133	P	procmail-3.22-267.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47937	P	DirectFB-1.7.1-6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47362	P	libjavascriptcoregtk-4_0-18-2.12.5-1.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47134	P	python-2.7.9-24.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47197	P	accountsservice-0.6.42-14.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47991	P	dhcp-4.3.3-10.16.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47196	P	aaa_base-13.2+git20140911.61c1681-36.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48000	P	elfutils-0.158-7.7.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47228	P	crash-7.1.8-3.9 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47260	P	gdk-pixbuf-lang-2.34.0-18.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48054	P	java-1_8_0-openjdk-1.8.0.222-27.35.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:11700	P	puppet-3.6.2-3.62 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12382	P	xorg-x11-server-7.6_1.18.3-71.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12586	P	libnetpbm11-10.66.3-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11627	P	libneon27-0.30.0-3.65 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46403	P	cyrus-sasl-2.1.26-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46836	P	rpm-32bit-4.11.2-10.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11558	P	hyper-v-6-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11409	P	libtiff5-32bit-4.0.3-9.78 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11765	P	bash-4.3-78.39 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11709	P	radvd-1.9.7-2.17 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11926	P	libpolkit0-0.113-5.6.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12608	P	libprocps3-3.3.9-11.14.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46535	P	mipv6d-2.0.2.umip.0.4-19.63 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46466	P	libXv1-1.0.10-3.56 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11477	P	xalan-j2-2.7.0-264.133 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11633	P	libpng15-15-1.5.22-2.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11431	P	pam_krb5-2.4.4-4.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11784	P	curl-7.37.0-28.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11635	P	libpolkit0-0.113-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11722	P	sudo-1.8.10p3-1.62 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11935	P	libraw9-0.15.4-3.88 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46626	P	bzip2-1.0.6-27.1129 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46598	P	xlockmore-5.43-5.30 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11524	P	ecryptfs-utils-103-5.35 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11658	P	libtiff5-32bit-4.0.4-12.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11703	P	python-imaging-1.1.7-21.15 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11859	P	libXi6-1.7.4-9.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11657	P	libtasn1-3.7-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12360	P	telepathy-gabble-0.18.3-5.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11401	P	libsmi-0.4.8-18.63 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11948	P	libssh4-0.6.3-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46773	P	libspice-client-glib-2_0-8-0.29-1.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46689	P	kernel-default-3.12.49-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11539	P	gdk-pixbuf-lang-2.30.6-1.23 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11750	P	yast2-3.1.155-1.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11884	P	libgadu3-1.11.4-1.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:55868	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important)	2021-03-17
oval:org.opensuse.security:def:24456	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:53522	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:52843	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:53642	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:54307	P	librpcsecgss3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25150	P	Security update for ovmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:46274	P	Security update for libexif (Moderate)	2020-12-01
oval:org.opensuse.security:def:25169	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:46154	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:54247	P	libXt6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55716	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:54399	P	wdiff on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53068	P	Security update for the Linux Azure Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:24663	P	Security update for qemu (Moderate)	2020-12-01
oval:org.opensuse.security:def:25005	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:24645	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:25015	P	Security update for ghostscript (Moderate)	2020-12-01
oval:org.opensuse.security:def:53005	P	Security update for libexif (Moderate)	2020-12-01
oval:org.opensuse.security:def:53688	P	Security update for libqt5-qtbase (Important)	2020-12-01
oval:org.opensuse.security:def:52865	P	Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:53748	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:53069	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25788	P	Security update for zeromq (Moderate)	2020-12-01
oval:org.opensuse.security:def:24383	P	Security update for openssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:25213	P	Security update for ntp (Moderate)	2020-12-01
oval:org.opensuse.security:def:54285	P	libmpfr4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54473	P	gdk-pixbuf-lang on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24719	P	Security update for dovecot22 (Important)	2020-12-01
oval:org.opensuse.security:def:46077	P	Security update for xerces-c (Moderate)	2020-12-01
oval:org.opensuse.security:def:24726	P	Security update for java-1_8_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25068	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:53243	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:53973	P	glibc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53231	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:53914	P	Security update for bluez (Important)	2020-12-01
oval:org.opensuse.security:def:53091	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25092	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25823	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:46078	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:25851	P	Security update for freerdp (Moderate)	2020-12-01
oval:org.opensuse.security:def:24446	P	Security update for apache2-mod_jk (Important)	2020-12-01
oval:org.opensuse.security:def:54366	P	python-libxml2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54511	P	libHX28 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24802	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:24393	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:24782	P	Security update for opensc (Low)	2020-12-01
oval:org.opensuse.security:def:46140	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:53416	P	Security update for nodejs8 (Important)	2020-12-01
oval:org.opensuse.security:def:54081	P	libzmq3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53469	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:54199	P	fuse on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46211	P	Security update for nfs-utils (Moderate)	2020-12-01
oval:org.opensuse.security:def:25106	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:46091	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25155	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25886	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:46141	P	Security update for ppp (Important)	2020-12-01
oval:org.opensuse.security:def:54173	P	cups on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55642	P	Security update for libmspack (Moderate)	2020-12-01
oval:org.opensuse.security:def:52842	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:54592	P	libpulse-mainloop-glib0-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24582	P	Security update for apache2-mod_perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:24952	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:24519	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:24865	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (Important)	2020-12-01
oval:org.cisecurity:def:814	V	Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier - CVE-2016-1107	2016-07-15
oval:org.opensuse.security:def:78350	P	Security update for flash-player (Important)	2016-05-16
oval:org.opensuse.security:def:78576	P	Security update for flash-player (Important)	2016-05-16
oval:com.ubuntu.precise:def:20161107000	V	CVE-2016-1107 on Ubuntu 12.04 LTS (precise) - medium.	2016-05-11
oval:com.ubuntu.trusty:def:20161107000	V	CVE-2016-1107 on Ubuntu 14.04 LTS (trusty) - medium.	2016-05-11
oval:com.ubuntu.xenial:def:201611070000000	V	CVE-2016-1107 on Ubuntu 16.04 LTS (xenial) - medium.	2016-05-11
oval:com.ubuntu.xenial:def:20161107000	V	CVE-2016-1107 on Ubuntu 16.04 LTS (xenial) - medium.	2016-05-11

BACK