FILE-FLASH Adobe Flash Player DeleteRangeTimelineOperation type confusion attempt
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
CVSS base score 9.8 CVSS impact score 5.9 CVSS exploitability score 3.9 confidentialityImpact HIGH integrityImpact HIGH availabilityImpact HIGH
CVE-2016-4117:
CVSS base score 9.8
CVSS impact score 5.9
CVSS exploitability score 3.9
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH
CVE-2016-4224:
CVSS base score 8.8
CVSS impact score 5.9
CVSS exploitability score 2.8
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH
CVE-2016-4117: Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
CVE-2016-4224: Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4225.
CVE-2016-4117:
Access Vector
Access Complexity
Authentication
CVE-2016-4224:
Access Vector
Access Complexity
Authentication
None known
None known
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.
©2019 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
Privacy Policy | Snort License | FAQ | Sitemap
