Use-after-free vulnerability in the instanceof function in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code by leveraging improper reference handling, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html | vendor-advisory x_refsource_SUSE |
| http://www.securitytracker.com/id/1034970 | vdb-entry x_refsource_SECTRACK |
| https://security.gentoo.org/glsa/201603-07 | vendor-advisory x_refsource_GENTOO |
| http://rhn.redhat.com/errata/RHSA-2016-0166.html | vendor-advisory x_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html | vendor-advisory x_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html | vendor-advisory x_refsource_SUSE |
| https://helpx.adobe.com/security/products/flash-player/apsb16-04.html | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html | vendor-advisory x_refsource_SUSE |
| http://zerodayinitiative.com/advisories/ZDI-16-160/ | x_refsource_MISC |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html | vendor-advisory x_refsource_SUSE x_transferred |
| http://www.securitytracker.com/id/1034970 | vdb-entry x_refsource_SECTRACK x_transferred |
| https://security.gentoo.org/glsa/201603-07 | vendor-advisory x_refsource_GENTOO x_transferred |
| http://rhn.redhat.com/errata/RHSA-2016-0166.html | vendor-advisory x_refsource_REDHAT x_transferred |
| http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html | vendor-advisory x_refsource_SUSE x_transferred |
| http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html | vendor-advisory x_refsource_SUSE x_transferred |
| https://helpx.adobe.com/security/products/flash-player/apsb16-04.html | x_refsource_CONFIRM x_transferred |
| http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html | vendor-advisory x_refsource_SUSE x_transferred |
| http://zerodayinitiative.com/advisories/ZDI-16-160/ | x_refsource_MISC x_transferred |