5.3
CVE-2016-4247
- EPSS 3.21%
- Veröffentlicht 13.07.2016 02:00:53
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle psirt@adobe.com
- CVE-Watchlists
- Unerledigt
Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Flash Player Desktop Runtime Version <= 22.0.0.192
Adobe ≫ Flash Player SwEditionesr Version <= 18.0.0.360
Adobe ≫ Flash Player SwPlatformchrome Version <= 22.0.0.192
Adobe ≫ Flash Player SwPlatformedge Version <= 22.0.0.192
Adobe ≫ Flash Player SwPlatforminternet_explorer Version <= 22.0.0.192
Adobe ≫ Flash Player Version <= 11.2.202.626
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.21% | 0.865 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 1.6 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 2.6 | 4.9 | 2.9 |
AV:N/AC:H/Au:N/C:P/I:N/A:N
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html
http://www.securitytracker.com/id/1036280
https://access.redhat.com/errata/RHSA-2016:1423
https://helpx.adobe.com/security/products/flash-player/apsb16-25.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093
https://security.gentoo.org/glsa/201607-03
http://www.securityfocus.com/bid/91720