CVE-2016-4121

CWE-416 — Use After Free6 documents6 sources

Severity

9.8CRITICAL

EPSS

5.2%

top 10.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe AIR Desktop Runtime Adobe AIR SDK Adobe AIR SDK \& Compiler +2 more

Timeline

PublishedJun 16

Latest updateMay 14

Description

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, and CVE-2016-4110.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

▶NVDadobe/flash_player21.0.0.241+3

▶NVDadobe/flash_player_desktop_runtime21.0.0.226

▶Ubuntuflashplugin-nonfree< 11.2.202.626ubuntu0.14.04.1+1

▶NVDadobe/air_sdk21.0.0.198

▶NVDadobe/air_desktop_runtime21.0.0.198

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-gj4r-qpq9-xp3h: Use-after-free vulnerability in Adobe Flash Player before 18↗2022-05-14

▶

CVEList

CVE-2016-4121: Use-after-free vulnerability in Adobe Flash Player before 18↗2016-06-16

▶

OSV

CVE-2016-4121: Use-after-free vulnerability in Adobe Flash Player before 18↗2016-06-16

▶

📋Vendor Advisories

Red Hat

flash-plugin: multiple code execution issues fixed in APSB16-15↗2016-05-10

▶

💬Community

HackerOne

Adobe Flash Player Regular Expression UAF Remote Code Execution Vulnerability↗2019-11-12

▶