High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2016-4154
High
Low
Medium
High
Critical
8.8
CVSS Score
Vulnerability Description
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
R
Scope
U
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
14 configuration(s) from 4 vendor(s)
flash_player_desktop_runtime
Version:
16.0.0.287
CPE:
cpe:2.3:a:adobe:flash_player_desktop_runtime:16.0.0.287:*:*:*:*:*:*:*
flash_player_desktop_runtime
Version:
21.0.0.226
CPE:
cpe:2.3:a:adobe:flash_player_desktop_runtime:21.0.0.226:*:*:*:*:*:*:*
flash_player_desktop_runtime
Version:
18.0
CPE:
cpe:2.3:a:adobe:flash_player_desktop_runtime:18.0:*:*:*:*:*:*:*
flash_player_desktop_runtime
Version:
18.0.0.203
CPE:
cpe:2.3:a:adobe:flash_player_desktop_runtime:18.0.0.203:*:*:*:*:*:*:*
opensuse
Version:
13.2
CPE:
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
opensuse
Version:
13.1
CPE:
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
enterprise_linux_server
Version:
5.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
enterprise_linux_desktop
Version:
5.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
enterprise_linux_server
Version:
6.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x86:*
enterprise_linux_workstation
Version:
5.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
enterprise_linux_desktop
Version:
6.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:x64:*
enterprise_linux_workstation
Version:
6.0
CPE:
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:x86:*
linux_enterprise_desktop
Version:
12
CPE:
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4:*:*:*:*:*:*
linux_enterprise_workstation_extension
Version:
12
CPE:
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*
This vulnerability affects 14 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.htmlpsirt@adobe.com Broken Link Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.htmlpsirt@adobe.com Broken Link Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.htmlpsirt@adobe.com Broken Link Mailing List Third Party Advisory
-
http://www.securitytracker.com/id/1036117psirt@adobe.com Broken Link Third Party Advisory VDB Entry
-
https://access.redhat.com/errata/RHSA-2016:1238psirt@adobe.com Third Party Advisory
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083psirt@adobe.com Patch Third Party Advisory
-
https://helpx.adobe.com/security/products/flash-player/apsb16-18.htmlpsirt@adobe.com Patch Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.htmlaf854a3a-2127-422b-91ae-364da2661108 Broken Link Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.htmlaf854a3a-2127-422b-91ae-364da2661108 Broken Link Mailing List Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.htmlaf854a3a-2127-422b-91ae-364da2661108 Broken Link Mailing List Third Party Advisory
-
http://www.securitytracker.com/id/1036117af854a3a-2127-422b-91ae-364da2661108 Broken Link Third Party Advisory VDB Entry
-
https://access.redhat.com/errata/RHSA-2016:1238af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083af854a3a-2127-422b-91ae-364da2661108 Patch Third Party Advisory
-
https://helpx.adobe.com/security/products/flash-player/apsb16-18.htmlaf854a3a-2127-422b-91ae-364da2661108 Patch Vendor Advisory
Severity Details
8.8
out of 10.0
High
Weakness Type (CWE)
CWE-787
Top 25 #2
Out-of-bounds Write
- Description
- The product writes data past the end, or before the beginning, of the intended buffer.
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Base
Key Information
- Published Date
- June 16, 2016
