CVE-2016-1106
CVE-2016-1106
Vexday Risk Score
35Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS —EPSS 37.2%KEV nãoPoC públicaNuclei —Metasploit —Patch referenciado
Lifecycle
11 May 2016Published on NVD
17 May 2016Public PoC
Weaponization speed
6 daysto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/137057/Adobe-Flash-SetNative-Use-After-Free.htmlunverifiedcve_referencewww.exploit-db.com/exploits/39831/unverifiedexploitdbwww.exploit-db.com/exploits/39831unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.htmlhttp://packetstormsecurity.com/files/137057/Adobe-Flash-SetNative-Use-After-Free.htmlhttp://rhn.redhat.com/errata/RHSA-2016-1079.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-064https://helpx.adobe.com/security/products/flash-player/apsb16-15.htmlhttps://www.exploit-db.com/exploits/39831/http://www.securitytracker.com/id/1035827