CVSS: 8.8EPSS: 2%CPEs: 17EXPL: 0CVE-2016-4224 – Adobe Flash DeleteRangeTimelineOperation Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4224
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4225. Adobe Flash Player en versiones anteriores a 18.0.0.366 y 19.x hasta la versión 22.x en versiones anteriores a 22.0.0.209 en Windows y OS X y en versiones anteriores a 11.2.202.632 en Linux permite a atacantes ejecutar un código arbitrario aprovechando una "type confusion" no especificada, una vulnerabilidad diferente a CVE-2016-4223 y CVE-2016-4225. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DeleteRangeTimelineOperation objects. By performing actions in ActionScript an attacker can trigger a type confusion condition. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html http://www.securityfocus.com/bid/91718 http://www.securitytracker.com/id/1036280 http://www.zerodayinitiative.com/advisories/ZDI-16-428 https://access.redhat.com/errata/RHSA-2016:1423 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093 https://helpx.adobe.com/security/products/flash-player/apsb16-25.html https:/&#x • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 2%CPEs: 17EXPL: 0CVE-2016-4174 – Adobe Flash StyleSheet Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4174
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248. Uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.366 y 19.x hasta la versión 22.x en versiones anteriores a 22.0.0.209 en Windows y OS X y en versiones anteriores a 11.2.202.632 en Linux permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-4173, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231 y CVE-2016-4248. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the StyleSheet objects. By calling the parseCSS method of the StyleSheet object from within a specific callback function, an attacker can force a dangling pointer to be reused after it has been freed. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html http://www.securityfocus.com/bid/91719 http://www.securitytracker.com/id/1036280 https://access.redhat.com/errata/RHSA-2016:1423 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093 https://helpx.adobe.com/security/products/flash-player/apsb16-25.html https://access.redhat.com/security/cve/CVE-2016-4174 https:/ • CWE-416: Use After Free •
CVSS: 8.8EPSS: 2%CPEs: 17EXPL: 0CVE-2016-4223 – Adobe Flash AdTimelineItem Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4223
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4224 and CVE-2016-4225. Adobe Flash Player en versiones anteriores a 18.0.0.366 y 19.x hasta la versión 22.x en versiones anteriores a 22.0.0.209 en Windows y OS X y en versiones anteriores a 11.2.202.632 en Linux permite a atacantes ejecutar un código arbitrario aprovechando una "type confusion" no especificada, una vulnerabilidad diferente a CVE-2016-4224 y CVE-2016-4225. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AdTimelineItem objects. By performing actions in ActionScript an attacker can trigger a type confusion condition. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html http://www.securityfocus.com/bid/91718 http://www.securitytracker.com/id/1036280 http://www.zerodayinitiative.com/advisories/ZDI-16-424 https://access.redhat.com/errata/RHSA-2016:1423 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093 https://helpx.adobe.com/security/products/flash-player/apsb16-25.html https:/&#x • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 3%CPEs: 17EXPL: 0CVE-2016-4222 – Adobe Flash PrintJob printAsBitmap Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4222
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.366 y 19.x hasta la versión 22.x en versiones anteriores a 22.0.0.209 en Windows y OS X y en versiones anteriores a 11.2.202.632 en Linux permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-4173, CVE-2016-4174, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231 y CVE-2016-4248. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PrintJob objects. By setting the printAsBitmap property with a specific value, an attacker can cause a pointer to be reused after it has been freed. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html http://www.securityfocus.com/bid/91719 http://www.securitytracker.com/id/1036280 http://www.zerodayinitiative.com/advisories/ZDI-16-425 https://access.redhat.com/errata/RHSA-2016:1423 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093 https://helpx.adobe.com/security/products/flash-player/apsb16-25.html https:/&#x • CWE-416: Use After Free •
CVSS: 8.8EPSS: 2%CPEs: 17EXPL: 0CVE-2016-4225 – Adobe Flash AdBreakPlacement Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4225
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4224. Adobe Flash Player en versiones anteriores a 18.0.0.366 y 19.x hasta la versión 22.x en versiones anteriores a 22.0.0.209 en Windows y OS X y en versiones anteriores a 11.2.202.632 en Linux permite a atacantes ejecutar un código arbitrario aprovechando una "type confusion" no especificada, una vulnerabilidad diferente a CVE-2016-4223 y CVE-2016-4224. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AdBreakPlacement objects. By performing actions in ActionScript an attacker can trigger a type confusion condition. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html http://www.securityfocus.com/bid/91718 http://www.securitytracker.com/id/1036280 http://www.zerodayinitiative.com/advisories/ZDI-16-427 https://access.redhat.com/errata/RHSA-2016:1423 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093 https://helpx.adobe.com/security/products/flash-player/apsb16-25.html https:/&#x • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •