Vulnerability in N/a
CVE-2016-1019
Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.
EPSS: 0.567 (98.2th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: The impacted product is end-of-life and should be disconnected if still in use.
Known ransomware campaign use: yes.
Public proof-of-concept exploits
References
- www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.html (x_refsource_MISC)
- GLSA-201606-08 (vendor-advisory, x_refsource_GENTOO)
- openSUSE-SU-2016:0997 (vendor-advisory, x_refsource_SUSE)
- helpx.adobe.com/security/products/flash-player/apsa16-01.html (x_refsource_CONFIRM)
- SUSE-SU-2016:0990 (vendor-advisory, x_refsource_SUSE)
- 1035491 (vdb-entry, x_refsource_SECTRACK)
- SUSE-SU-2016:1305 (vendor-advisory, x_refsource_SUSE)
- blogs.adobe.com/psirt/ (x_refsource_CONFIRM)
- openSUSE-SU-2016:0987 (vendor-advisory, x_refsource_SUSE)
- openSUSE-SU-2016:1306 (vendor-advisory, x_refsource_SUSE)
Frequently asked questions
- What is CVE-2016-1019?
- CVE-2016-1019 is a vulnerability in N/a. Published 2016-04-07.
- Is CVE-2016-1019 known to be exploited?
- Yes. CVE-2016-1019 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2022-03-03), indicating it is being actively exploited. 9 public proof-of-concept repositories are indexed.