Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-4275Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Flash Player

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-787Out-of-bounds Write15 documents5 sources
Severity
8.8HIGHNVD
EPSS
56.7%
top 1.87%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Adobe Flash PlayerAdobe Flash Player Desktop Runtime
Timeline
PublishedSep 14
Latest updateMay 14

Description

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDadobe/flash_player11.2.202.632+2

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-x83x-pfj2-3j2c: Adobe Flash Player before 182022-05-14
CVEList
CVE-2016-4275: Adobe Flash Player before 182016-09-14

💥Exploits & PoCs

1
Exploit-DB
Adobe Flash - Crash When Freeing Memory After AVC decoding2016-09-23

📋Vendor Advisories

11
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-292016-09-13
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-292016-09-13
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-292016-09-13
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-292016-09-13
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-292016-09-13
CVE-2016-4275 — Adobe Flash Player vulnerability | cvebase