CVE-2016-1013: Use After Free
First published: Sat Apr 09 2016(Updated: )
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Macromedia Flash Player | <=11.2.202.577 | |
| Linux Kernel | ||
| Adobe Flash Player | <=21.0.0.197 | |
| Apple iOS and macOS | ||
| Microsoft Windows Operating System | ||
| Macromedia Flash Player | <=18.0.0.333 | |
| Windows 10 | ||
| Microsoft Windows | ||
| Macromedia Flash Player | <=21.0.0.197 | |
| Macromedia Flash Player | <=21.0.0.197 | |
| Chrome OS | ||
| Macromedia Flash Player | <=21.0.0.197 | |
| Adobe AIR | <=21.0.0.176 | |
| Adobe AIR | <=21.0.0.176 | |
| iPhone OS | ||
| Android | ||
| Adobe AIR SDK & Compiler | <=21.0.0.176 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html
- http://rhn.redhat.com/errata/RHSA-2016-0610.html
- http://www.securityfocus.com/bid/85926
- http://www.securitytracker.com/id/1035509
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050
- https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
- https://www.exploit-db.com/exploits/39778/
Frequently Asked Questions
What is the severity of CVE-2016-1013?
CVE-2016-1013 has a critical severity rating due to its potential to allow attackers to execute arbitrary code.
How do I fix CVE-2016-1013?
To fix CVE-2016-1013, users should update Adobe Flash Player to the latest version that addresses this vulnerability.
Which versions are affected by CVE-2016-1013?
CVE-2016-1013 affects Adobe Flash Player versions prior to 18.0.0.343, 19.x through 21.x before 21.0.0.213 on Windows and OS X, and before 11.2.202.616 on Linux.
What are the risks associated with CVE-2016-1013?
The risks associated with CVE-2016-1013 include potential system compromise and unauthorized access due to arbitrary code execution.
Is CVE-2016-1013 specific to Windows?
No, CVE-2016-1013 affects Adobe Flash Player on multiple platforms including Windows, OS X, and Linux.
- agent/references
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/macromedia flash player
- version/macromedia flash player/11.2.202.577
- vendor/linux
- canonical/linux kernel
- canonical/adobe flash player
- version/adobe flash player/21.0.0.197
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows operating system
- version/macromedia flash player/18.0.0.333
- canonical/windows 10
- canonical/microsoft windows
- version/macromedia flash player/21.0.0.197
- vendor/google
- canonical/chrome os
- canonical/adobe air
- version/adobe air/21.0.0.176
- canonical/iphone os
- canonical/android
- canonical/adobe air sdk & compiler
- version/adobe air sdk & compiler/21.0.0.176