7.5

CVE-2016-4232

Exploit
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information from process memory via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeFlash Player Desktop Runtime Version <= 22.0.0.192
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeFlash Player SwEditionesr Version <= 18.0.0.360
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeFlash Player SwPlatformchrome Version <= 22.0.0.192
   ApplemacOS X Version-
   GoogleChrome Os Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
AdobeFlash Player SwPlatformedge Version <= 22.0.0.192
   MicrosoftWindows 10 Version-
   MicrosoftWindows 8.1 Version-
AdobeFlash Player SwPlatforminternet_explorer Version <= 22.0.0.192
   MicrosoftWindows 10 Version-
   MicrosoftWindows 8.1 Version-
AdobeFlash Player Version <= 11.2.202.626
   LinuxLinux Kernel Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 36.46% 0.983
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html
Third Party Advisory
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html
Third Party Advisory
Broken Link
http://www.securitytracker.com/id/1036280
Third Party Advisory
Broken Link
VDB Entry
https://access.redhat.com/errata/RHSA-2016:1423
Third Party Advisory
https://helpx.adobe.com/security/products/flash-player/apsb16-25.html
Patch
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093
Patch
Third Party Advisory
https://security.gentoo.org/glsa/201607-03
Third Party Advisory
http://www.securityfocus.com/bid/91724
Third Party Advisory
Broken Link
VDB Entry
https://www.exploit-db.com/exploits/40355/
Third Party Advisory
Exploit
VDB Entry