CVE-2016-0959: Use After Free
First published: Tue Jun 27 2017(Updated: )
Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before 20.0.0.267, Adobe Flash Player for Internet Explorer 10 and 11 before 20.0.0.267, Adobe Flash Player for Linux before 11.2.202.559, AIR Desktop Runtime before 20.0.0.233, AIR SDK before 20.0.0.233, AIR SDK & Compiler before 20.0.0.233, AIR for Android before 20.0.0.233.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Macromedia Flash Player | <=20.0.0.235 | |
| Apple iOS and macOS | ||
| Microsoft Windows Operating System | ||
| Adobe Flash Player | <=18.0.0.268 | |
| Macromedia Flash Player | <=20.0.0.228 | |
| Chrome OS | ||
| Linux Kernel | ||
| Macromedia Flash Player | <=20.0.0.228 | |
| Macromedia Flash Player | <=20.0.0.228 | |
| Windows 10 | ||
| Microsoft Windows 8.0 | ||
| Microsoft Windows | ||
| Adobe Flash Player | <=11.2.202.554 | |
| Adobe | <=20.0.0.204 | |
| Adobe AIR SDK & Compiler | <=20.0.0.204 | |
| iPhone OS | ||
| Android | ||
| Adobe AIR | <=20.0.0.204 | |
| Adobe AIR | <=20.0.0.204 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-0959?
CVE-2016-0959 is rated as critical due to its potential for exploitation that can lead to remote code execution.
How do I fix CVE-2016-0959?
To fix CVE-2016-0959, ensure that you update Adobe Flash Player to version 20.0.0.267 or later.
Which versions of Adobe Flash Player are affected by CVE-2016-0959?
CVE-2016-0959 affects Adobe Flash Player Desktop Runtime before version 20.0.0.267 and also prior versions of the Extended Support Release.
Can CVE-2016-0959 be exploited in web browsers?
Yes, CVE-2016-0959 can be exploited in web browsers that utilize Adobe Flash Player, including Internet Explorer and Google Chrome.
What are the potential impacts of CVE-2016-0959?
The potential impacts of CVE-2016-0959 include remote code execution, which allows attackers to take control of affected systems.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/macromedia flash player
- version/macromedia flash player/20.0.0.235
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows operating system
- canonical/adobe flash player
- version/adobe flash player/18.0.0.268
- version/macromedia flash player/20.0.0.228
- vendor/google
- canonical/chrome os
- vendor/linux
- canonical/linux kernel
- canonical/windows 10
- canonical/microsoft windows 8.0
- canonical/microsoft windows
- version/adobe flash player/11.2.202.554
- canonical/adobe
- version/adobe/20.0.0.204
- canonical/adobe air sdk & compiler
- version/adobe air sdk & compiler/20.0.0.204
- canonical/iphone os
- canonical/android
- canonical/adobe air
- version/adobe air/20.0.0.204