Lucene search

[email protected]CVE-2016-4225

HistoryJul 13, 2016 - 2:00 a.m.

CVE-2016-4225

2016-07-1302:00:33

CWE-843

[email protected]

web.nvd.nist.gov

cve-2016-4225

adobe flash player

type confusion

arbitrary code execution

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.0%

JSON

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified “type confusion,” a different vulnerability than CVE-2016-4223 and CVE-2016-4224.

Affected configurations

NVD

Node

adobeflash_player_desktop_runtimeRange≤22.0.0.192

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange≤18.0.0.360esr

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange≤22.0.0.192chrome

AND

applemac_os_xMatch-

googlechrome_osMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange≤22.0.0.192edge

adobeflash_playerRange≤22.0.0.192internet_explorer

AND

microsoftwindows_10Match-

microsoftwindows_8.1Match-

Node

adobeflash_playerRange≤11.2.202.626

AND

linuxlinux_kernelMatch-

CPENameOperatorVersion
adobe:flash_player_desktop_runtimeadobe flash player desktop runtimele22.0.0.192

CPE	Name	Operator	Version
adobe:flash_player_desktop_runtime	adobe flash player desktop runtime	le	22.0.0.192

References

lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html

www.securityfocus.com/bid/91718

www.securitytracker.com/id/1036280

www.zerodayinitiative.com/advisories/ZDI-16-427

access.redhat.com/errata/RHSA-2016:1423

docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093

helpx.adobe.com/security/products/flash-player/apsb16-25.html

security.gentoo.org/glsa/201607-03

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.0%

JSON

Related for CVE-2016-4225

ubuntucve3 prion3 cvelist3 redhatcve3 nvd3 cve2 checkpoint_advisories3 zdi3 mscve1 nessus9 gentoo1 suse3 kaspersky1 openvas8 altlinux2 archlinux2 freebsd1 redhat1 mageia1