Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:748992
HistoryJun 15, 2016 - 12:00 a.m.

Adobe Flash memory corruption vulnerability

2016-06-1500:00:00
www.kb.cert.org
24

0.205 Low

EPSS

Percentile

96.4%

JSON

Overview

Adobe Flash contains an unspecified vulnerability that is currently being exploited in the wild.

Description

Adobe Flash Player 21.0.0.242 and earlier contain an unspecified vulnerability that an allow a remote, unauthenticated attacker to execute arbitrary code. This vulnerability is being exploited in the wild. Please see Adobe Security Advisory APSA16-03 for more details.

Impact

By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), PDF file, Microsoft Office document, or any other document that supports embedded SWF content, an attacker may be able to execute arbitrary code. The vulnerability reportedly affects Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS.

Solution

Apply an update

This issue is addressed in Flash Player versions 22.0.0.192, 18.0.0.360, and 11.2.202.626. Please see Adobe Security Bulletin APSB16-18 for more details.

Disable flash in your web browser

Adobe has provide guidance for how to configure Flash in various web browsers. Via the appropriate browser settings, configure Flash to be disabled or at the very least configure Flash to only execute when it is clicked.

Uninstall Flash

Adobe has provided guidance for how to uninstall Flash Player on Windows and how to uninstall Flash Player on the Mac.

Vendor Information

748992

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Adobe Affected

Updated: June 16, 2016

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

CVSS Metrics

Group Score Vector
Base 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal 7.1 E:F/RL:U/RC:C
Environmental 7.1 CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

Acknowledgements

This vulnerability was reported by Adobe, who in turn credits Anton Ivanov and Costin Raiu of Kaspersky Lab.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2016-4171
Date Public: 2016-06-14 Date First Published:

Related

checkpoint_advisories 1
cve 1
prion 1
ubuntucve 1
attackerkb 1
redhatcve 1
cvelist 1
cisa_kev 1
threatpost 3
thn 1
securelist 1
gentoo 1
nessus 9
archlinux 2
suse 3
redhat 1
altlinux 2
openvas 9
mageia 1
freebsd 1
mscve 1
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Memory Corruption (APSA16-03: CVE-2016-4171)
2016-06-15 00:00:00
cve
cve
CVE-2016-4171
2016-06-16 14:59:00
prion
prion
Code injection
2016-06-16 14:59:00
ubuntucve
ubuntucve
CVE-2016-4171
2016-06-16 00:00:00
attackerkb
attackerkb
CVE-2016-4171
2016-06-16 00:00:00
redhatcve
redhatcve
CVE-2016-4171
2016-06-15 07:48:45
cvelist
cvelist
CVE-2016-4171
2016-06-16 14:00:00
cisa_kev
cisa_kev
Adobe Flash Player Remote Code Execution Vulnerability
2022-03-25 00:00:00
threatpost
threatpost
Fix Coming for Flash Vulnerability Under Attack
2016-06-14 12:59:02
Adobe Patches Flash Zero Day Under Attack by APT Group
2016-06-17 06:00:38
FruityArmor APT Group Used Recently Patched Windows Zero Day
2016-10-20 07:00:01
thn
thn
Microsoft releases tons of Security Updates to patch 44 vulnerabilities
2016-06-14 19:35:00
securelist
securelist
APT Trends Report Q2 2018
2018-07-10 10:00:22
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2016-06-18 00:00:00
nessus
nessus
GLSA-201606-08 : Adobe Flash Player: Multiple vulnerabilities
2016-06-20 00:00:00
openSUSE Security Update : flash-player (openSUSE-2016-743)
2016-06-20 00:00:00
FreeBSD : flash -- multiple vulnerabilities (0e3dfdde-35c4-11e6-8e82-002590263bf5)
2016-06-20 00:00:00
archlinux
archlinux
flashplugin: multiple issues
2016-06-19 00:00:00
lib32-flashplugin: multiple issues
2016-06-20 00:00:00
suse
suse
Security update for flash-player (critical)
2016-06-19 02:07:41
Security update for flash-player (critical)
2016-06-17 22:08:03
Security update for flash-player (critical)
2016-06-17 18:08:02
redhat
redhat
(RHSA-2016:1238) Critical: flash-plugin security update
2016-06-17 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt63
2016-06-27 00:00:00
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt63
2016-06-27 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2016-0228)
2022-01-28 00:00:00
Adobe Flash Player Security Update (APSB16-18) - Linux
2016-06-17 00:00:00
Adobe Flash Player Security Update (APSB16-18) - Windows
2016-06-17 00:00:00
mageia
mageia
Updated flash-player-plugin packages fix security vulnerabilities
2016-06-17 08:58:14
freebsd
freebsd
flash -- multiple vulnerabilities
2016-06-16 00:00:00
mscve
mscve
June 2016 Adobe Flash Security Update
2016-06-14 07:00:00

0.205 Low

EPSS

Percentile

96.4%

JSON
Related for VU:748992
checkpoint_advisories1cve1prion1ubuntucve1attackerkb1redhatcve1cvelist1cisa_kev1threatpost3thn1securelist1gentoo1nessus9archlinux2suse3redhat1altlinux2openvas9mageia1freebsd1mscve1