SUSE Linux update for flash-player
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 36 |
| CVE-ID | CVE-2016-4122 CVE-2016-4123 CVE-2016-4124 CVE-2016-4125 CVE-2016-4127 CVE-2016-4128 CVE-2016-4129 CVE-2016-4130 CVE-2016-4131 CVE-2016-4132 CVE-2016-4133 CVE-2016-4134 CVE-2016-4135 CVE-2016-4136 CVE-2016-4137 CVE-2016-4138 CVE-2016-4139 CVE-2016-4140 CVE-2016-4141 CVE-2016-4142 CVE-2016-4143 CVE-2016-4144 CVE-2016-4145 CVE-2016-4146 CVE-2016-4147 CVE-2016-4148 CVE-2016-4149 CVE-2016-4150 CVE-2016-4151 CVE-2016-4152 CVE-2016-4153 CVE-2016-4154 CVE-2016-4155 CVE-2016-4156 CVE-2016-4166 CVE-2016-4171 |
| CWE-ID | CWE-119 CWE-200 CWE-22 CWE-843 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #13 is available. Public exploit code for vulnerability #14 is available. Public exploit code for vulnerability #15 is available. Public exploit code for vulnerability #16 is available. Vulnerability #36 is being exploited in the wild. |
| Vulnerable software Subscribe |
Adobe Flash Player Client/Desktop applications / Plugins for browsers, ActiveX components Adobe Flash Player Extended Support Release Client/Desktop applications / Multimedia software Adobe Flash Player for Linux Client/Desktop applications / Multimedia software |
| Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 36 vulnerabilities.
1) Memory corruption
EUVDB-ID: #VU5688
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4122
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory corruption
EUVDB-ID: #VU5689
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4123
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory corruption
EUVDB-ID: #VU5690
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4124
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory corruption
EUVDB-ID: #VU5691
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4125
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory corruption
EUVDB-ID: #VU5692
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4127
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Memory corruption
EUVDB-ID: #VU5693
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4128
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory corruption
EUVDB-ID: #VU5694
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4129
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Memory corruption
EUVDB-ID: #VU5695
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4130
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory corruption
EUVDB-ID: #VU5696
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4131
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Memory corruption
EUVDB-ID: #VU5697
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4132
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory corruption
EUVDB-ID: #VU5698
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4133
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Memory corruption
EUVDB-ID: #VU5699
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4134
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Heap-based buffer overflow
EUVDB-ID: #VU5717
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-4135
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
14) Heap-based buffer overflow
EUVDB-ID: #VU5718
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-4136
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
15) Memory corruption
EUVDB-ID: #VU5700
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-4137
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
16) Heap-based buffer overflow
EUVDB-ID: #VU5719
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-4138
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
17) Information disclosure
EUVDB-ID: #VU5721
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4139
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to input validation error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, bypass the same-origin-policy and gain access to potentially sensitive data.
Mitigation
Update the affected packages.
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Path traversal
EUVDB-ID: #VU5720
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4140
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an error in the directory search path used to find resources when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Memory corruption
EUVDB-ID: #VU3676
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4141
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) “Use-after-free” error
EUVDB-ID: #VU5711
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4142
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) “Use-after-free” error
EUVDB-ID: #VU5712
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4143
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Type confusion
EUVDB-ID: #VU5709
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4144
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confussion error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) “Use-after-free” error
EUVDB-ID: #VU5713
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4145
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) “Use-after-free” error
EUVDB-ID: #VU5714
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4146
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) “Use-after-free” error
EUVDB-ID: #VU5715
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4147
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) “Use-after-free” error
EUVDB-ID: #VU5716
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4148
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Type confusion
EUVDB-ID: #VU5710
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4149
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confussion error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Memory corruption
EUVDB-ID: #VU5701
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4150
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Memory corruption
EUVDB-ID: #VU5702
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4151
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Memory corruption
EUVDB-ID: #VU5703
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4152
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Memory corruption
EUVDB-ID: #VU5704
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4153
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Memory corruption
EUVDB-ID: #VU5705
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4154
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Memory corruption
EUVDB-ID: #VU5706
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4155
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Memory corruption
EUVDB-ID: #VU5707
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4156
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Memory corruption
EUVDB-ID: #VU5708
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4166
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Update the affected packages.
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Memory corruption
EUVDB-ID: #VU3
Risk: Critical
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2016-4171
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Mitigation
Update the affected packages.
Adobe Flash Player: 21.0.0.182 - 22.0.0.192
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.375
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626
External linkshttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
