Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtCOSIG1337DAY-ID-26088
HistoryJul 13, 2016 - 12:00 a.m.

Adobe Flash Player 22.0.0.192 - TAG Memory Corruption

2016-07-1300:00:00
COSIG
0day.today
16

0.047 Low

EPSS

Percentile

92.7%

JSON

Exploit for multiple platform in category dos / poc

#####################################################################################
 
# Application: Adobe Flash Player
# Platforms: Windows,OSX
# Versions: 22.0.0.192 and earlier
# Author: Francis Provencher of COSIG
# Website: https://cosig.gouv.qc.ca/avis/
# Twitter: @COSIG_
# Date: 12 juillet 2016
# CVE-2016-4176
# COSIG-2016-20
 
#####################################################################################
 
1) Introduction
2) Report Timeline
3) Technical details
4) POC
 
#####################################################################################
 
===============
1) Introduction
===============
Adobe Flash Player (labeled Shockwave Flash in Internet Explorer and Firefox) is a freeware software for using content created on the Adobe Flash platform, including viewing multimedia, executing rich Internet applications, and streaming video and audio. Flash Player can run from a web browser as a browser plug-in or on supported mobile devices.[7] Flash Player was created by Macromedia and has been developed and distributed by Adobe Systems since Adobe acquired Macromedia.
 
(https://en.wikipedia.org/wiki/Adobe_Flash_Player)
 
#####################################################################################
 
====================
2) Report Timeline
====================
2016-05-10: Francis Provencher du COSIG of COSIG report this vulnerability to Adobe PSIRT;
2016-05-17: Adobe PSIRT confirm this vulnerability;
2016-07-12: Adobe publish a patch (APSB16-25);
2016-07-12: Advisory released by COSIG;
 
#####################################################################################
 
=====================
3) Technical details
=====================
 
The vulnerability allows a remote attacker to execute malicious code or access to a part of the dynamically allocated memory using a user interaction
visiting a Web page or open a specially crafted SWF file, which contains β€˜TAG’ invalid data.
 
#####################################################################################
 
===========
4) POC:
===========
 
https://cosig.gouv.qc.ca/wp-content/uploads/2016/07/COSIG-2016-20.zip
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40105.zip
 
###############################################################################

#  0day.today [2018-01-08]  #

Related

exploitpack 1
checkpoint_advisories 1
exploitdb 1
cve 2
prion 2
nvd 2
ubuntucve 2
redhatcve 2
cvelist 2
mscve 1
nessus 8
openvas 8
mageia 1
suse 3
kaspersky 1
altlinux 2
archlinux 2
redhat 1
freebsd 1
exploitpack
exploitpack
Adobe Flash Player 22.0.0.192 - TAG Memory Corruption
2016-07-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Memory Corruption (APSB16-25: CVE-2016-4176)
2016-07-17 00:00:00
exploitdb
exploitdb
Adobe Flash Player 22.0.0.192 - TAG Memory Corruption
2016-07-13 00:00:00
cve
cve
CVE-2016-4176
2016-07-13 01:59:45
CVE-2016-4177
2016-07-13 01:59:46
prion
prion
Memory corruption
2016-07-13 01:59:00
Memory corruption
2016-07-13 01:59:00
nvd
nvd
CVE-2016-4177
2016-07-13 01:59:46
CVE-2016-4176
2016-07-13 01:59:45
ubuntucve
ubuntucve
CVE-2016-4176
2016-07-13 00:00:00
CVE-2016-4177
2016-07-13 00:00:00
redhatcve
redhatcve
CVE-2016-4177
2016-07-13 08:23:49
CVE-2016-4176
2016-07-13 08:23:43
cvelist
cvelist
CVE-2016-4177
2016-07-13 01:00:00
CVE-2016-4176
2016-07-13 01:00:00
mscve
mscve
July 2016 Adobe Flash Security Update
2016-07-12 07:00:00
nessus
nessus
RHEL 5 / 6 : flash-plugin (RHSA-2016:1423)
2016-07-14 00:00:00
Adobe Flash Player for Mac <= 22.0.0.192 Multiple Vulnerabilities (APSB16-25)
2016-07-12 00:00:00
MS16-093: Security Update for Adobe Flash Player (3174060)
2016-07-12 00:00:00
openvas
openvas
Adobe Flash Player Security Update (APSB16-25) - Mac OS X
2016-07-13 00:00:00
Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (3174060)
2017-03-17 00:00:00
Mageia: Security Advisory (MGASA-2016-0251)
2022-01-28 00:00:00
mageia
mageia
Updated flash-player-plugin packages fix 52 security vulnerabilities
2016-07-12 22:49:52
suse
suse
Security update for flash-player (important)
2016-07-19 17:10:03
Security update for flash-player (important)
2016-07-13 22:07:51
Security update for flash-player (important)
2016-07-14 17:08:06
kaspersky
kaspersky
KLA10839 Multiple vulnerabilities in Adobe Flash Player
2016-07-12 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt64
2016-07-20 00:00:00
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt64
2016-07-20 00:00:00
archlinux
archlinux
lib32-flashplugin: multiple issues
2016-07-18 00:00:00
flashplugin: multiple issues
2016-07-18 00:00:00
redhat
redhat
(RHSA-2016:1423) Critical: flash-plugin security update
2016-07-13 00:00:00
freebsd
freebsd
flash -- multiple vulnerabilities
2016-07-12 00:00:00

0.047 Low

EPSS

Percentile

92.7%

JSON
Related for 1337DAY-ID-26088
exploitpack1checkpoint_advisories1exploitdb1cve2prion2nvd2ubuntucve2redhatcve2cvelist2mscve1nessus8openvas8mageia1suse3kaspersky1altlinux2archlinux2redhat1freebsd1