Security Update for Adobe Flash Player
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 24 |
| CVE-ID | CVE-2016-4173 CVE-2016-4174 CVE-2016-4175 CVE-2016-4176 CVE-2016-4177 CVE-2016-4178 CVE-2016-4179 CVE-2016-4182 CVE-2016-4188 CVE-2016-4185 CVE-2016-4222 CVE-2016-4223 CVE-2016-4224 CVE-2016-4225 CVE-2016-4226 CVE-2016-4227 CVE-2016-4228 CVE-2016-4229 CVE-2016-4230 CVE-2016-4231 CVE-2016-4232 CVE-2016-4247 CVE-2016-4248 CVE-2016-4249 |
| CWE-ID | CWE-119 CWE-200 CWE-843 CWE-401 CWE-362 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #15 is available. Public exploit code for vulnerability #16 is available. Public exploit code for vulnerability #17 is available. Public exploit code for vulnerability #18 is available. Public exploit code for vulnerability #19 is available. Public exploit code for vulnerability #20 is available. Public exploit code for vulnerability #21 is available. |
| Vulnerable software |
Adobe Flash Player Extended Support Release Client/Desktop applications / Plugins for browsers, ActiveX components Adobe Flash Player for Linux Client/Desktop applications / Plugins for browsers, ActiveX components Adobe Flash Player Client/Desktop applications / Plugins for browsers, ActiveX components |
| Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 24 vulnerabilities.
1) Use-after-free error
EUVDB-ID: #VU3736
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4173
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free error
EUVDB-ID: #VU3737
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4174
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory corruption
EUVDB-ID: #VU3738
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2016-4175
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Stack-based buffer overflow
EUVDB-ID: #VU3739
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2016-4176
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to stack-based buffer overflow. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Stack-based buffer overflow
EUVDB-ID: #VU3740
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2016-4177
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to stack-based buffer overflow. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Security bypass
EUVDB-ID: #VU3741
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-4178
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to improper access control. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, bypass security mechanisms and gain access to important data.
Successful exploitation of this vulnerability results in information disclosure on the vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory corruption
EUVDB-ID: #VU3742
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2016-4179
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
8) Memory corruption
EUVDB-ID: #VU3745
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4182
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory corruption
EUVDB-ID: #VU3751
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4188
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Memory corruption
EUVDB-ID: #VU3748
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4185
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free error
EUVDB-ID: #VU3757
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4222
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Type confusion
EUVDB-ID: #VU3758
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4223
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to type confusion error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Type confusion
EUVDB-ID: #VU3759
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4224
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to type confusion error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Type confusion
EUVDB-ID: #VU3760
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4225
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to type confusion error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use-after-free error
EUVDB-ID: #VU3761
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2016-4226
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
16) Use-after-free error
EUVDB-ID: #VU3762
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2016-4227
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
17) Use-after-free error
EUVDB-ID: #VU3763
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2016-4228
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
18) Use-after-free error
EUVDB-ID: #VU3764
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2016-4229
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
19) Use-after-free error
EUVDB-ID: #VU3765
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2016-4230
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
20) Use-after-free error
EUVDB-ID: #VU3766
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2016-4231
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
21) Information disclosure
EUVDB-ID: #VU3767
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2016-4232
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to memory leak. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it and gain access to important data.
Successful exploitation of this vulnerability results in information disclosure on the vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
22) Race condition
EUVDB-ID: #VU3782
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-4247
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to race condition. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it and gain access to important data.
Successful exploitation of this vulnerability results in information disclosure on the vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Use-after-free error
EUVDB-ID: #VU3783
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4248
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Heap-based buffer overflow
EUVDB-ID: #VU3784
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4249
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to heap-based buffer overflow. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632
Adobe Flash Player: 22.0.0.192 - 22.0.0.209
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.324:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.326:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.192:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:22.0.0.209:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
