CVE-2016-6924Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Flash Player

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-787Out-of-bounds Write14 documents4 sources
Severity
8.8HIGHNVD
EPSS
3.3%
top 12.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe Flash PlayerAdobe Flash Player Desktop Runtime
Timeline
PublishedSep 14
Latest updateMay 14

Description

Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, and CVE-2016-6922.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDadobe/flash_player11.2.202.632+2

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-pp4w-2qx8-3688: Adobe Flash Player before 182022-05-14
CVEList
CVE-2016-6924: Adobe Flash Player before 182016-09-14

📋Vendor Advisories

11
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-292016-09-13
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-292016-09-13
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-292016-09-13
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-292016-09-13
Red Hat
flash-plugin: multiple code execution issues fixed in APSB16-292016-09-13
CVE-2016-6924 — Adobe Flash Player vulnerability | cvebase