Security Update for Adobe Flash Player
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 26 |
| CVE-ID | CVE-2016-4271 CVE-2016-4272 CVE-2016-4274 CVE-2016-4275 CVE-2016-4276 CVE-2016-4277 CVE-2016-4278 CVE-2016-4279 CVE-2016-4280 CVE-2016-4281 CVE-2016-4282 CVE-2016-4283 CVE-2016-4284 CVE-2016-4285 CVE-2016-4287 CVE-2016-6921 CVE-2016-6922 CVE-2016-6923 CVE-2016-6924 CVE-2016-6925 CVE-2016-6926 CVE-2016-6927 CVE-2016-6929 CVE-2016-6930 CVE-2016-6931 CVE-2016-6932 |
| CWE-ID | CWE-284 CWE-119 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #4 is available. |
| Vulnerable software |
Adobe Flash Player Client/Desktop applications / Plugins for browsers, ActiveX components Adobe Flash Player Extended Support Release Client/Desktop applications / Plugins for browsers, ActiveX components Adobe Flash Player for Linux Client/Desktop applications / Plugins for browsers, ActiveX components |
| Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 26 vulnerabilities.
1) Security bypass
EUVDB-ID: #VU702
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-4271
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper access control. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, bypass security limitations and gain access to imprortant data.
Successful exploitation of the vulnerability results in information disclosure or further attacks on the vulnerable system.
Mitigation
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) “Use-after-free” error
EUVDB-ID: #VU4764
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4272
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory corruption
EUVDB-ID: #VU4765
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4274
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory corruption
EUVDB-ID: #VU4766
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2016-4275
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Memory corruption
EUVDB-ID: #VU4767
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4276
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Security bypass
EUVDB-ID: #VU4768
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-4277
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper access control. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, bypass security limitations and gain access to imprortant data.
Successful exploitation of the vulnerability results in information disclosure or further attacks on the vulnerable system.
Mitigation
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Security bypass
EUVDB-ID: #VU4769
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-4278
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper access control. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, bypass security limitations and gain access to imprortant data.
Successful exploitation of the vulnerability results in information disclosure or further attacks on the vulnerable system.
Mitigation
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) “Use-after-free” error
EUVDB-ID: #VU4770
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4279
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory corruption
EUVDB-ID: #VU4771
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4280
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Memory corruption
EUVDB-ID: #VU4772
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4281
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory corruption
EUVDB-ID: #VU4773
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4282
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Memory corruption
EUVDB-ID: #VU4774
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4283
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Memory corruption
EUVDB-ID: #VU699
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4284
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Memory corruption
EUVDB-ID: #VU4775
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4285
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Integer overflow
EUVDB-ID: #VU4776
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-4287
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) “Use-after-free” error
EUVDB-ID: #VU4777
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-6921
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory corruption
EUVDB-ID: #VU4778
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-6922
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) “Use-after-free” error
EUVDB-ID: #VU4779
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-6923
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Memory corruption
EUVDB-ID: #VU4780
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-6924
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) “Use-after-free” error
EUVDB-ID: #VU4781
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-6925
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) “Use-after-free” error
EUVDB-ID: #VU4782
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-6926
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) “Use-after-free” error
EUVDB-ID: #VU4783
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-6927
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) “Use-after-free” error
EUVDB-ID: #VU4784
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-6929
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) “Use-after-free” error
EUVDB-ID: #VU4785
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-6930
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) “Use-after-free” error
EUVDB-ID: #VU4786
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-6931
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) “Use-after-free” error
EUVDB-ID: #VU4787
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-6932
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Install updates from Microsoft website.
Vulnerable software versionsAdobe Flash Player: 11.2.202.540 - 22.0.0.211
Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.548:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:11.2.202.554:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.268:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.352:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_extended_support_release:18.0.0.360:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
http://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
