CVE-2016-4178
flash-plugin: multiple code execution issues fixed in APSB16-25
Severity Score
Exploit Likelihood
Affected Versions
13Public Exploits
0Exploited in Wild
-Decision
Descriptions
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.
Adobe Flash Player en versiones anteriores a 18.0.0.366 y 19.x hasta la versión 22.x en versiones anteriores a 22.0.0.209 en Windows y OS X y en versiones anteriores a 11.2.202.632 en Linux permite a atacantes eludir restricciones destinadas al acceso y obtener información sensible a través de vectores no especificados.
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.632. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-04-27 CVE Reserved
- 2016-07-13 CVE Published
- 2024-08-06 CVE Updated
- 2025-04-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (9)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2016-... | 2023-01-20 | |
| http://lists.opensuse.org/opensuse-security-announce/2016-... | 2023-01-20 | |
| https://access.redhat.com/errata/RHSA-2016:1423 | 2023-01-20 | |
| https://access.redhat.com/security/cve/CVE-2016-4178 | 2016-07-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1355971 | 2016-07-13 |