7.5
CVE-2016-4232
- EPSS 36.46%
- Veröffentlicht 13.07.2016 02:00:39
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle psirt@adobe.com
- CVE-Watchlists
- Unerledigt
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information from process memory via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Flash Player Desktop Runtime Version <= 22.0.0.192
Adobe ≫ Flash Player SwEditionesr Version <= 18.0.0.360
Adobe ≫ Flash Player SwPlatformchrome Version <= 22.0.0.192
Adobe ≫ Flash Player SwPlatformedge Version <= 22.0.0.192
Adobe ≫ Flash Player SwPlatforminternet_explorer Version <= 22.0.0.192
Adobe ≫ Flash Player Version <= 11.2.202.626
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 36.46% | 0.983 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html
http://www.securitytracker.com/id/1036280
https://access.redhat.com/errata/RHSA-2016:1423
https://helpx.adobe.com/security/products/flash-player/apsb16-25.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093
https://security.gentoo.org/glsa/201607-03
http://www.securityfocus.com/bid/91724
https://www.exploit-db.com/exploits/40355/