What is CVE-2016-0959?

CVE-2016-0959 is a critical-severity vulnerability in Adobe Air, classified under Use After Free. CVSS score: 9.8/10. Published 2017-06-27.

How severe is CVE-2016-0959?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2016-0959 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Use After Free in Adobe Air

CVE-2016-0959

Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft E…

Vulnerability class: Use-After-Free

EPSS: 0.016 (82.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

CWE-416 — Use After Free

Public proof-of-concept exploits

thdusdl1219/CVE-Study

References

psirt@adobe.com (x_refsource_REDHAT, vendor-advisory)
psirt@adobe.com (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)
psirt@adobe.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2016-0959?: CVE-2016-0959 is a critical-severity vulnerability in Adobe Air, classified under Use After Free. CVSS score: 9.8/10. Published 2017-06-27.
How severe is CVE-2016-0959?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2016-0959 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.