9.3

CVE-2016-4287

Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeFlash Player Version <= 11.2.202.632
   LinuxLinux Kernel Version-
AdobeFlash Player SwPlatformedge Version <= 22.0.0.211
   MicrosoftWindows 10 Version-
   MicrosoftWindows 8.1 Version-
AdobeFlash Player SwPlatforminternet_explorer Version <= 22.0.0.211
   MicrosoftWindows 10 Version-
   MicrosoftWindows 8.1 Version-
AdobeFlash Player Desktop Runtime Version <= 22.0.0.211
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeFlash Player SwEditionesr Version <= 18.0.0.366
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeFlash Player SwPlatformchrome Version <= 22.0.0.211
   ApplemacOS X Version-
   GoogleChrome Os Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.68% 0.853
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

http://www.securitytracker.com/id/1036791
Third Party Advisory
Broken Link
VDB Entry