CVE-2016-0960: Buffer Overflow
First published: Sat Mar 12 2016(Updated: )
Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | <=20.0.0.306 | |
| Apple iOS and macOS | ||
| Chrome OS | ||
| Linux Kernel | ||
| Microsoft Windows | ||
| Adobe AIR SDK | <=20.0.0.233 | |
| Android | ||
| Adobe AIR | <=20.0.0.260 | |
| Samsung X14J eu | =t-ms14jakucb-1102.5 | |
| iStyle @cosme iPhone OS | ||
| Adobe Acrobat Reader | <=11.2.202.569 | |
| Adobe Flash Player | <=20.2.2.306 | |
| Adobe Acrobat Reader | <=20.0.0.306 | |
| Microsoft Windows 10 | ||
| Adobe Acrobat Reader | <=20.0.0.306 | |
| Microsoft Windows 8.1 | ||
| Adobe AIR | <=20.0.0.260 | |
| Adobe AIR SDK & Compiler | <=20.0.0.260 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html
- http://www.securityfocus.com/bid/84311
- http://www.securitytracker.com/id/1035251
- https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
- https://security.gentoo.org/glsa/201603-07
Frequently Asked Questions
What is the severity of CVE-2016-0960?
CVE-2016-0960 has a critical severity rating due to its potential to allow attackers to execute arbitrary code.
How do I fix CVE-2016-0960?
To fix CVE-2016-0960, update Adobe Flash Player to version 18.0.0.333 or higher, or 21.0.0.182 for 19.x to 21.x.
Which Adobe products are affected by CVE-2016-0960?
CVE-2016-0960 affects Adobe Flash Player versions before 18.0.0.333 and 19.x through 21.x before 21.0.0.182, as well as Adobe AIR and Adobe AIR SDK versions before 21.0.0.176.
On which operating systems does CVE-2016-0960 exist?
CVE-2016-0960 exists on Windows, OS X, and Linux operating systems.
What kind of attack can CVE-2016-0960 enable?
CVE-2016-0960 can enable remote code execution and potentially lead to denial of service attacks.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/weakness
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/20.0.0.306
- vendor/apple
- canonical/apple ios and macos
- vendor/google
- canonical/chrome os
- vendor/linux
- canonical/linux kernel
- vendor/microsoft
- canonical/microsoft windows
- canonical/adobe air sdk
- version/adobe air sdk/20.0.0.233
- canonical/android
- canonical/adobe air
- version/adobe air/20.0.0.260
- vendor/samsung
- canonical/samsung x14j eu
- version/samsung x14j eu/t-ms14jakucb-1102.5
- canonical/istyle @cosme iphone os
- version/adobe acrobat reader/11.2.202.569
- canonical/adobe flash player
- version/adobe flash player/20.2.2.306
- canonical/microsoft windows 10
- canonical/microsoft windows 8.1
- canonical/adobe air sdk & compiler
- version/adobe air sdk & compiler/20.0.0.260