CVE-2016-4136
published 2016-06-16CVE-2016-4136: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and…
PriorityP262high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EXPLOIT
EPSS
16.38%
96.6th percentile
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | flash_player | <= 21.0.0.242 | — |
| adobe | flash_player | <= 11.2.202.621 | — |
| adobe | flash_player | <= 18.0.0.352 | — |
| adobe | flash_player_desktop_runtime | <= 21.0.0.242 | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_workstation_extension | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Trigger involves loading a malicious JXR file via LoadImage.swf with an ATF-wrapped payload; monitor for Flash Player loading ATF files referencing JXR content (e.g., query parameter pattern '?img=*.atf') ↗
- →Vulnerability is a Use-after-Free of plane->model_hp_buffer in the open-source JXR component within Adobe Flash; look for double-free or UaF crash signatures in Flash Player process memory during JXR image processing ↗
- →Crash occurs when the Flash Player is destroyed/torn down after processing the malicious JXR file; anomalous Flash Player process termination crashes following image load events may indicate exploitation attempts ↗
- ·Crash is non-deterministic and may require multiple attempts to reproduce; detection based on crash telemetry alone may have low reliability ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vgv4-f4q4-76rv: Unspecified vulnerability in Adobe Flash Player 21
ghsa_unreviewed·2022-05-13
CVE-2016-4136 [HIGH] GHSA-vgv4-f4q4-76rv: Unspecified vulnerability in Adobe Flash Player 21
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-18
vendor_redhat·2016-06-14·CVSS 8.8
CVE-2016-4136 [HIGH] flash-plugin: multiple code execution issues fixed in APSB16-18
flash-plugin: multiple code execution issues fixed in APSB16-18
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
No detection rules found.
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.htmlhttp://www.securitytracker.com/id/1036117https://access.redhat.com/errata/RHSA-2016:1238https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083https://helpx.adobe.com/security/products/flash-player/apsb16-18.htmlhttps://www.exploit-db.com/exploits/40088/http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.htmlhttp://www.securitytracker.com/id/1036117https://access.redhat.com/errata/RHSA-2016:1238https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083https://helpx.adobe.com/security/products/flash-player/apsb16-18.htmlhttps://www.exploit-db.com/exploits/40088/
2016-06-16
Published