CVE-2016-1010
HIGHCISA KEVEPSS 97th pctlDescription
Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993.
CVSS v3 Vector
Exploitability
Impact
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploit Intelligence
Very high risk: more likely to be exploited than 97% of all known CVEs.
Adobe Flash Player and AIR Integer Overflow Vulnerability
Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code.
The impacted products are end-of-life and should be disconnected if still in use.
Remediation due: 2022-06-15
References
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html
- http://www.securityfocus.com/bid/84308
- http://www.securitytracker.com/id/1035251
- https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
- https://security.gentoo.org/glsa/201603-07
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-1010
Find and fix vulnerabilities across your fleet
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start freeThis product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-04-22.