CVE-2016-0963

HIGH Year: 2016
CVSS v3 Score
8.8
High
CVSS v2 Score
9.3
Critical
Weakness Type
CWE-190
View all →

Vulnerability Description

Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0993 and CVE-2016-1010.

Related Vulnerabilities

CVE-2010-0129

HIGH
CVSS:8.8(High)

Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (ak...

CWE-1902010

CVE-2010-0130

HIGH
CVSS:8.8(High)

Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file.

CWE-1902010

CVE-2010-2753

HIGH
CVSS:8.8(High)

Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arb...

CWE-1902010

CVE-2011-3631

HIGH
CVSS:8.8(High)

Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to b...

CWE-1902011

CVE-2012-5054

HIGH
CVSS:8.8(High)

Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.

CWE-1902012

CVE-2014-4607

HIGH
CVSS:8.8(High)

Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.

CWE-1902014