CVE-2016-1014
First published: Sat Apr 09 2016(Updated: )
Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain privileges via a Trojan horse resource in an unspecified directory.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Macromedia Flash Player | <=11.2.202.577 | |
| Linux Kernel | ||
| Adobe Flash Player | <=21.0.0.197 | |
| Apple iOS and macOS | ||
| Microsoft Windows | ||
| Macromedia Flash Player | <=18.0.0.333 | |
| Microsoft Windows 10 | ||
| Microsoft Windows 8.1 | ||
| Macromedia Flash Player | <=21.0.0.197 | |
| Macromedia Flash Player | <=21.0.0.197 | |
| Chrome OS | ||
| Macromedia Flash Player | <=21.0.0.197 | |
| Adobe AIR | <=21.0.0.176 | |
| Adobe AIR | <=21.0.0.176 | |
| iStyle @cosme iPhone OS | ||
| Android | ||
| Adobe AIR SDK & Compiler | <=21.0.0.176 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html
- http://packetstormsecurity.com/files/137532/Adobe-Flash-Player-DLL-Hijacking.html
- http://rhn.redhat.com/errata/RHSA-2016-0610.html
- http://seclists.org/fulldisclosure/2016/Jun/39
- http://www.securityfocus.com/archive/1/538699/100/0/threaded
- http://www.securitytracker.com/id/1035509
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050
- https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
Frequently Asked Questions
What is the severity of CVE-2016-1014?
CVE-2016-1014 is rated as a high-severity vulnerability due to its potential to allow local users to gain elevated privileges.
How do I fix CVE-2016-1014?
To fix CVE-2016-1014, update Adobe Flash Player to versions 18.0.0.344 or later, or 21.0.0.214 or later.
Who is affected by CVE-2016-1014?
CVE-2016-1014 affects users of Adobe Flash Player versions prior to 18.0.0.344 and between 19.0.0.0 and 21.0.0.214 on Windows and OS X, and before 11.2.202.616 on Linux.
What is an untrusted search path vulnerability in CVE-2016-1014?
An untrusted search path vulnerability allows malicious users to manipulate application resource loading to execute arbitrary code in a privileged context.
What are the consequences of exploiting CVE-2016-1014?
Exploiting CVE-2016-1014 can lead to privilege escalation, where an attacker gains unauthorized access to system resources.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/macromedia flash player
- version/macromedia flash player/11.2.202.577
- vendor/linux
- canonical/linux kernel
- canonical/adobe flash player
- version/adobe flash player/21.0.0.197
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows
- version/macromedia flash player/18.0.0.333
- canonical/microsoft windows 10
- canonical/microsoft windows 8.1
- version/macromedia flash player/21.0.0.197
- vendor/google
- canonical/chrome os
- canonical/adobe air
- version/adobe air/21.0.0.176
- canonical/istyle @cosme iphone os
- canonical/android
- canonical/adobe air sdk & compiler
- version/adobe air sdk & compiler/21.0.0.176