Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-4108Use After Free in Adobe AIR Desktop Runtime

CWE-416Use After Free12 documents8 sources
Severity
9.8CRITICALNVD
NVD7.5CNA7.5OSV7.5
EPSS
65.6%
top 1.50%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
6
Adobe AIR Desktop RuntimeAdobe AIR SDKAdobe AIR SDK Compiler+3 more
Timeline
PublishedMay 11
Latest updateMay 14

Description

Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages6 packages

NVDadobe/flash_player21.0.0.213+4
NVDadobe/air_sdk21.0.0.198
NVDadobe/air_sdk_compiler21.0.0.198

🔴Vulnerability Details

5
GHSA
GHSA-gj4r-qpq9-xp3h: Use-after-free vulnerability in Adobe Flash Player before 182022-05-14
GHSA
GHSA-j9m7-42pq-p58j: Unspecified vulnerability in Adobe Flash Player 212022-05-14
CVEList
CVE-2016-4121: Use-after-free vulnerability in Adobe Flash Player before 182016-06-16
OSV
CVE-2016-4121: Use-after-free vulnerability in Adobe Flash Player before 182016-06-16
CVEList
CVE-2016-4108: Unspecified vulnerability in Adobe Flash Player 212016-05-11

💥Exploits & PoCs

1
Exploit-DB
Adobe Flash - addProperty Use-After-Free2016-05-17

📋Vendor Advisories

2
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-152016-05-10
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-152016-05-10

🕵️Threat Intelligence

1
Zscaler
Zscaler found Multiple Security Vulnerabilities | 05-13-2016

💬Community

1
Bugzilla
flash-plugin: multiple code execution issues fixed in APSB16-152016-05-11
CVE-2016-4108 — Use After Free in Adobe | cvebase