Red Hat update for flash-plugin
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 22 |
| CVE-ID | CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 CVE-2016-0985 |
| CWE-ID | CWE-119 CWE-122 CWE-416 CWE-843 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #11 is available. Vulnerability #21 is being exploited in the wild. Public exploit code for vulnerability #22 is available. |
| Vulnerable software Subscribe |
Red Hat Enterprise Linux Desktop Operating systems & Components / Operating system Red Hat Enterprise Linux Workstation Operating systems & Components / Operating system Red Hat Enterprise Linux Server Operating systems & Components / Operating system |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 22 vulnerabilities.
1) Memory corruption
EUVDB-ID: #VU4877
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-0964
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Memory corruption
EUVDB-ID: #VU4878
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-0965
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Memory corruption
EUVDB-ID: #VU4879
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0966
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory corruption
EUVDB-ID: #VU4880
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-0967
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Memory corruption
EUVDB-ID: #VU4881
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0968
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Memory corruption
EUVDB-ID: #VU4882
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0969
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory corruption
EUVDB-ID: #VU4883
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0970
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Heap-based buffer overflow
EUVDB-ID: #VU4884
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-0971
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a heap-based buffer overflow when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
9) Memory corruption
EUVDB-ID: #VU4885
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0972
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free error
EUVDB-ID: #VU4886
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0973
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free error
EUVDB-ID: #VU4887
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-0974
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
12) Use-after-free error
EUVDB-ID: #VU4888
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0975
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Memory corruption
EUVDB-ID: #VU4889
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0976
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Memory corruption
EUVDB-ID: #VU4891
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0977
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Memory corruption
EUVDB-ID: #VU4890
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0978
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Memory corruption
EUVDB-ID: #VU4892
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0979
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory corruption
EUVDB-ID: #VU4893
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0980
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Memory corruption
EUVDB-ID: #VU4895
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0981
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use-after-free error
EUVDB-ID: #VU4894
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0982
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use-after-free error
EUVDB-ID: #VU4896
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0983
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use-after-free error
EUVDB-ID: #VU4897
Risk: Critical
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2016-0984
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
According to Kasperksy Lab report, this vulnerability has bein actively exploited in the wild by BlackOasis APT actor.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
22) Type confusion
EUVDB-ID: #VU4898
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-0985
CWE-ID:
CWE-843 - Type confusion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5 - 6
Red Hat Enterprise Linux Workstation: 6
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:0166
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
