CVE-2016-4114Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe AIR Desktop Runtime

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer30 documents6 sources
Severity
9.8CRITICALNVD
NVD7.5CNA7.5OSV7.5
EPSS
6.5%
top 8.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Adobe AIR Desktop RuntimeAdobe AIR SDKAdobe AIR SDK Compiler+3 more
Timeline
PublishedMay 11
Latest updateMay 14

Description

Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages6 packages

NVDadobe/flash_player21.0.0.241+4
NVDadobe/air_sdk21.0.0.198
NVDadobe/air_sdk_compiler21.0.0.198

🔴Vulnerability Details

17
GHSA
GHSA-j5fp-v7mq-4vvh: Unspecified vulnerability in Adobe Flash Player 212022-05-14
GHSA
GHSA-6gc7-g2p6-mq5h: Adobe Flash Player before 182022-05-14
GHSA
GHSA-6hcp-v9xq-2g4x: Adobe Flash Player before 182022-05-14
GHSA
GHSA-799p-jh5j-8wjj: Adobe Flash Player before 182022-05-14
GHSA
GHSA-3g5f-wchp-h22r: Adobe Flash Player before 182022-05-14

📋Vendor Advisories

6
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-152016-05-10
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-152016-05-10
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-152016-05-10
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-152016-05-10
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-152016-05-10

💬Community

1
Bugzilla
flash-plugin: multiple code execution issues fixed in APSB16-152016-05-11
CVE-2016-4114 — Adobe AIR Desktop Runtime vulnerability | cvebase