Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0983.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2016-0984 | Adobe Flash Player and AIR Use-After-Free Vulnerability | primary_impact | T1105 | Ingress Tool Transfer |
Comments
This use-after-free vulnerability is exploited by having the user open a maliciously-crafted file.
This CVE was observed to be exploited by the threat actor known as BlackOasis. The threat actor then installs command and control tools.
References
|
| CVE-2016-0984 | Adobe Flash Player and AIR Use-After-Free Vulnerability | exploitation_technique | T1204.002 | Malicious File |
Comments
This use-after-free vulnerability is exploited by having the user open a maliciously-crafted file.
This CVE was observed to be exploited by the threat actor known as BlackOasis.
References
|