1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Adobe Flash Player and AIR Use-After-Free Vulnerability

Known Exploited Vulnerabilities CVE-2016-0984

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0983.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2016-0984 Adobe Flash Player and AIR Use-After-Free Vulnerability primary_impact T1105 Ingress Tool Transfer
Comments
This use-after-free vulnerability is exploited by having the user open a maliciously-crafted file. This CVE was observed to be exploited by the threat actor known as BlackOasis. The threat actor then installs command and control tools.
References
  1. https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/
  2. https://www.zero-day.cz/database/468/
CVE-2016-0984 Adobe Flash Player and AIR Use-After-Free Vulnerability exploitation_technique T1204.002 Malicious File
Comments
This use-after-free vulnerability is exploited by having the user open a maliciously-crafted file. This CVE was observed to be exploited by the threat actor known as BlackOasis.
References
  1. https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/
  2. https://www.zero-day.cz/database/468/