← Back

CVE-2016-1015

nvd nist
Published: Apr 9, 2016Modified: May 6, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code by overriding NetConnection object properties to leverage an unspecified "type confusion," a different vulnerability than CVE-2016-1019.

Affected (9)

Adobe
5 products
Flash Player
Flash Player Desktop Runtime
Air Desktop Runtime
Air Sdk
Air Sdk & Compiler
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Flash Player
Up to 11.2.202.577
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Flash Player Desktop Runtime
Up to 21.0.0.197
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Flash Player
Up to 18.0.0.333
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Flash Player
Up to 21.0.0.197
Running on/withPlatform Versions
Microsoft
Windows 8.1
All versions
Configuration E
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Flash Player
Up to 21.0.0.197
Running on/withPlatform Versions
Google
Chrome Os
All versions
Linux
Linux Kernel
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Flash Player
Up to 21.0.0.197
Running on/withPlatform Versions
Microsoft
Windows 10
All versions
Configuration G
1 vulnerable
Vulnerable SoftwareAffected Versions
Air Desktop Runtime
Up to 21.0.0.176
Configuration H
1 vulnerable
Vulnerable SoftwareAffected Versions
Air Sdk
Up to 21.0.0.176
Configuration I
1 vulnerable · 4 platform
Vulnerable SoftwareAffected Versions
Air Sdk & Compiler
Up to 21.0.0.176
Running on/withPlatform Versions
Apple
Iphone Os
All versions
Apple
Mac Os X
All versions
Google
Android
All versions
Microsoft
Windows
All versions

Related CWEs

CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References (16)

Source: psirt@adobe.com
Broken LinkThird Party Advisory
Source: psirt@adobe.com
Broken LinkThird Party Advisory
Source: psirt@adobe.com
Third Party Advisory
Source: psirt@adobe.com
Broken LinkThird Party AdvisoryVDB Entry
Source: psirt@adobe.com
Broken LinkThird Party AdvisoryVDB Entry
Source: psirt@adobe.com
Third Party AdvisoryVDB Entry
Source: psirt@adobe.com
PatchThird Party Advisory
Source: psirt@adobe.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.