ID

VAR-201606-0487


CVE

CVE-2016-4137


TITLE

Microsoft Internet Explorer and Microsoft Edge of Adobe Flash Used in library Adobe Flash Player Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2016-003248

DESCRIPTION

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. This case MS16-083 This is a different vulnerability than the other vulnerabilities listed on the list.It may be affected unspecified. An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The former is the default browser included with operating systems prior to Windows 10; the latter is the default browser included with Windows 10, the latest operating system. in the United States. The former is a multimedia player product library; the latter is a cross-platform, browser-based multimedia player product. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2016:1238-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2016:1238 Issue date: 2016-06-17 CVE Names: CVE-2016-4122 CVE-2016-4123 CVE-2016-4124 CVE-2016-4125 CVE-2016-4127 CVE-2016-4128 CVE-2016-4129 CVE-2016-4130 CVE-2016-4131 CVE-2016-4132 CVE-2016-4133 CVE-2016-4134 CVE-2016-4135 CVE-2016-4136 CVE-2016-4137 CVE-2016-4138 CVE-2016-4139 CVE-2016-4140 CVE-2016-4141 CVE-2016-4142 CVE-2016-4143 CVE-2016-4144 CVE-2016-4145 CVE-2016-4146 CVE-2016-4147 CVE-2016-4148 CVE-2016-4149 CVE-2016-4150 CVE-2016-4151 CVE-2016-4152 CVE-2016-4153 CVE-2016-4154 CVE-2016-4155 CVE-2016-4156 CVE-2016-4166 CVE-2016-4171 ===================================================================== 1. Summary: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. This update upgrades Flash Player to version 11.2.202.626. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4135, CVE-2016-4136, CVE-2016-4137, CVE-2016-4138, CVE-2016-4139, CVE-2016-4140, CVE-2016-4141, CVE-2016-4142, CVE-2016-4143, CVE-2016-4144, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148, CVE-2016-4149, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1346665 - flash-plugin: multiple code execution issues fixed in APSB16-18 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.626-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.626-1.el5_11.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.626-1.el5_11.i386.rpm x86_64: flash-plugin-11.2.202.626-1.el5_11.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.626-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.626-1.el6_8.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.626-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.626-1.el6_8.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.626-1.el6_8.i686.rpm x86_64: flash-plugin-11.2.202.626-1.el6_8.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4122 https://access.redhat.com/security/cve/CVE-2016-4123 https://access.redhat.com/security/cve/CVE-2016-4124 https://access.redhat.com/security/cve/CVE-2016-4125 https://access.redhat.com/security/cve/CVE-2016-4127 https://access.redhat.com/security/cve/CVE-2016-4128 https://access.redhat.com/security/cve/CVE-2016-4129 https://access.redhat.com/security/cve/CVE-2016-4130 https://access.redhat.com/security/cve/CVE-2016-4131 https://access.redhat.com/security/cve/CVE-2016-4132 https://access.redhat.com/security/cve/CVE-2016-4133 https://access.redhat.com/security/cve/CVE-2016-4134 https://access.redhat.com/security/cve/CVE-2016-4135 https://access.redhat.com/security/cve/CVE-2016-4136 https://access.redhat.com/security/cve/CVE-2016-4137 https://access.redhat.com/security/cve/CVE-2016-4138 https://access.redhat.com/security/cve/CVE-2016-4139 https://access.redhat.com/security/cve/CVE-2016-4140 https://access.redhat.com/security/cve/CVE-2016-4141 https://access.redhat.com/security/cve/CVE-2016-4142 https://access.redhat.com/security/cve/CVE-2016-4143 https://access.redhat.com/security/cve/CVE-2016-4144 https://access.redhat.com/security/cve/CVE-2016-4145 https://access.redhat.com/security/cve/CVE-2016-4146 https://access.redhat.com/security/cve/CVE-2016-4147 https://access.redhat.com/security/cve/CVE-2016-4148 https://access.redhat.com/security/cve/CVE-2016-4149 https://access.redhat.com/security/cve/CVE-2016-4150 https://access.redhat.com/security/cve/CVE-2016-4151 https://access.redhat.com/security/cve/CVE-2016-4152 https://access.redhat.com/security/cve/CVE-2016-4153 https://access.redhat.com/security/cve/CVE-2016-4154 https://access.redhat.com/security/cve/CVE-2016-4155 https://access.redhat.com/security/cve/CVE-2016-4156 https://access.redhat.com/security/cve/CVE-2016-4166 https://access.redhat.com/security/cve/CVE-2016-4171 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb16-18.html https://helpx.adobe.com/security/products/flash-player/apsa16-03.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXY7HIXlSAg2UNWIIRAmytAJ9KBVDAyt7RbmNznJhC6uA9WwA6tACfSNyo /QNQeCm3xe5AByAOnb1Veh0= =5kdV -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.16

sources: NVD: CVE-2016-4137 // JVNDB: JVNDB-2016-003248 // BID: 91250 // VULHUB: VHN-92956 // VULMON: CVE-2016-4137 // PACKETSTORM: 137517

AFFECTED PRODUCTS

vendor:adobemodel:flash player desktop runtimescope:lteversion:21.0.0.242

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:5.0

Trust: 1.0

vendor:susemodel:linux enterprise desktopscope:eqversion:12

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:13.1

Trust: 1.0

vendor:adobemodel:flash playerscope:lteversion:21.0.0.242

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:5.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:5.0

Trust: 1.0

vendor:susemodel:linux enterprise workstation extensionscope:eqversion:12

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:adobemodel:flash playerscope:lteversion:11.2.202.621

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:adobemodel:flash playerscope:lteversion:18.0.0.352

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:13.2

Trust: 1.0

vendor:googlemodel:chromescope: - version: -

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:11.2.202.626 (linux)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:22.0.0.192 (windows 10/8.1 edition microsoft edge/internet explorer 11)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:22.0.0.192 (windows/macintosh/linux/chromeos edition chrome)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:desktop runtime 22.0.0.192 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:continuous support release 18.0.0.360 (windows/macintosh)

Trust: 0.8

vendor:microsoftmodel:windows 10scope:eqversion:for 32-bit systems

Trust: 0.8

vendor:microsoftmodel:windows 10scope:eqversion:for x64-based systems

Trust: 0.8

vendor:microsoftmodel:windows 10scope:eqversion:version 1511 for 32-bit systems

Trust: 0.8

vendor:microsoftmodel:windows 10scope:eqversion:version 1511 for x64-based systems

Trust: 0.8

vendor:microsoftmodel:windows 8.1scope:eqversion:for 32-bit systems

Trust: 0.8

vendor:microsoftmodel:windows 8.1scope:eqversion:for x64-based systems

Trust: 0.8

vendor:microsoftmodel:windows rt 8.1scope: - version: -

Trust: 0.8

vendor:microsoftmodel:windows server 2012scope:eqversion:none

Trust: 0.8

vendor:microsoftmodel:windows server 2012scope:eqversion:r2

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:5 i386

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:5 x86_64

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:6 i386

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:6 x86_64

Trust: 0.8

vendor:red hatmodel:enterprise linux serverscope:eqversion:5 i386

Trust: 0.8

vendor:red hatmodel:enterprise linux serverscope:eqversion:5 x86_64

Trust: 0.8

vendor:red hatmodel:enterprise linux serverscope:eqversion:6 i386

Trust: 0.8

vendor:red hatmodel:enterprise linux serverscope:eqversion:6 x86_64

Trust: 0.8

vendor:red hatmodel:enterprise linux workstationscope:eqversion:5 i386

Trust: 0.8

vendor:red hatmodel:enterprise linux workstationscope:eqversion:5 x86_64

Trust: 0.8

vendor:red hatmodel:enterprise linux workstationscope:eqversion:6 i386

Trust: 0.8

vendor:red hatmodel:enterprise linux workstationscope:eqversion:6 x86_64

Trust: 0.8

vendor:applemodel:mac os xscope: - version: -

Trust: 0.6

vendor:adobemodel:flash playerscope:eqversion:10.1.53.64

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.51.66

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.452

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.3218

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.22.87

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.15.3

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.12.36

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.12.35

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:8

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:7

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:6.0.21.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.2.202.235

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.2.202.233

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.2.202.229

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.2.202.228

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.2.202.223

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.115.8

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.115.7

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.115.6

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.112.61

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.111.9

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.111.8

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.111.7

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.111.6

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.111.5

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.102.63

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.102.62

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.102.55

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.102.228

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.0.1.152

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.186.7

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.186.6

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.186.3

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.186.2

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.185.25

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.185.23

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.185.22

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.185.21

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.183.7

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.183.5

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.183.4

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.183.10

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.181.34

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.181.26

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.181.23

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.181.22

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.181.16

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.181.14

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.159.1

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.157.51

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.156.12

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.28

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.27

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.25

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.24

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.18

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.13

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.153.1

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.152.33

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.152.32

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.152.21

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.152

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.95.2

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.95.1

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.92.8

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.92.10

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.85.3

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.82.76

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.52.15

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.52.14.1

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.106.16

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.105.6

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.102.65

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.102.64

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.42.34

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.32.18

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10

Trust: 0.3

sources: BID: 91250 // JVNDB: JVNDB-2016-003248 // CNNVD: CNNVD-201606-401 // NVD: CVE-2016-4137

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4137
value: HIGH

Trust: 1.0

NVD: CVE-2016-4137
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201606-401
value: HIGH

Trust: 0.6

VULHUB: VHN-92956
value: HIGH

Trust: 0.1

VULMON: CVE-2016-4137
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-4137
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-92956
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4137
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2016-4137
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-92956 // VULMON: CVE-2016-4137 // JVNDB: JVNDB-2016-003248 // CNNVD: CNNVD-201606-401 // NVD: CVE-2016-4137

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2016-4137

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-401

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201606-401

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003248

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2016-4137

PATCH

title:APSB16-18url:http://helpx.adobe.com/security/products/flash-player/apsb16-18.html

Trust: 0.8

title:APSB16-18url:https://helpx.adobe.com/jp/security/products/flash-player/apsb16-18.html

Trust: 0.8

title:Google Chrome を更新するurl:https://support.google.com/chrome/answer/95414?hl=ja

Trust: 0.8

title:Google Chromeurl:https://www.google.com/intl/ja/chrome/browser/features.html

Trust: 0.8

title:Chrome Releasesurl:http://googlechromereleases.blogspot.jp/

Trust: 0.8

title:MS16-083url:https://technet.microsoft.com/en-us/library/security/ms16-083.aspx

Trust: 0.8

title:RHSA-2016:1238url:https://access.redhat.com/errata/RHSA-2016:1238

Trust: 0.8

title:MS16-083url:https://technet.microsoft.com/ja-jp/library/security/ms16-083.aspx

Trust: 0.8

title:アドビ システムズ社 Adobe Flash Player の脆弱性に関するお知らせurl:http://www.fmworld.net/biz/common/adobe/20160620f.html

Trust: 0.8

title:Microsoft Internet Explorer and Microsoft Edge Adobe Flash Player Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62330

Trust: 0.6

title:Red Hat: CVE-2016-4137url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-4137

Trust: 0.1

title:CVE-Studyurl:https://github.com/thdusdl1219/CVE-Study

Trust: 0.1

sources: VULMON: CVE-2016-4137 // JVNDB: JVNDB-2016-003248 // CNNVD: CNNVD-201606-401

EXTERNAL IDS

db:NVDid:CVE-2016-4137

Trust: 3.0

db:SECTRACKid:1036117

Trust: 1.8

db:EXPLOIT-DBid:40089

Trust: 1.8

db:JVNDBid:JVNDB-2016-003248

Trust: 0.8

db:CNNVDid:CNNVD-201606-401

Trust: 0.7

db:BIDid:91250

Trust: 0.4

db:PACKETSTORMid:137824

Trust: 0.1

db:VULHUBid:VHN-92956

Trust: 0.1

db:VULMONid:CVE-2016-4137

Trust: 0.1

db:PACKETSTORMid:137517

Trust: 0.1

sources: VULHUB: VHN-92956 // VULMON: CVE-2016-4137 // BID: 91250 // JVNDB: JVNDB-2016-003248 // PACKETSTORM: 137517 // CNNVD: CNNVD-201606-401 // NVD: CVE-2016-4137

REFERENCES

url:https://helpx.adobe.com/security/products/flash-player/apsb16-18.html

Trust: 1.9

url:https://www.exploit-db.com/exploits/40089/

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2016:1238

Trust: 1.9

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083

Trust: 1.8

url:http://www.securitytracker.com/id/1036117

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4137

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20160615-adobeflashplayer.html

Trust: 0.8

url:http://www.jpcert.or.jp/at/2016/at160026.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4137

Trust: 0.8

url:http://www.npa.go.jp/cyberpolice/topics/?seq=18592

Trust: 0.8

url:http://www.adobe.com

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2016-4137

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.securityfocus.com/bid/91250

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4142

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4134

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4124

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4137

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4127

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4171

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4133

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4135

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4125

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4135

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4125

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4144

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4139

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4136

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4146

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4156

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4142

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4123

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4131

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4129

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4148

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4132

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4166

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4149

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4138

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4143

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4129

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4141

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4150

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4146

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4152

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4122

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4147

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4122

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4123

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4131

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4128

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4140

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4147

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4134

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4136

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4140

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4145

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4128

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4133

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4124

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4127

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4144

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4139

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4143

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4154

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4130

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4150

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4149

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4151

Trust: 0.1

url:https://helpx.adobe.com/security/products/flash-player/apsa16-03.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4148

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4138

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4141

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4132

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4130

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4145

Trust: 0.1

sources: VULHUB: VHN-92956 // VULMON: CVE-2016-4137 // BID: 91250 // JVNDB: JVNDB-2016-003248 // PACKETSTORM: 137517 // CNNVD: CNNVD-201606-401 // NVD: CVE-2016-4137

CREDITS

willJ of Tencent PC Manager, Aleksandar Nikolic of Cisco Talos, kelvinwang of Tencent PC Manager, Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero, LMX of the Qihoo 360 Codesafe Team and Wen Guanxing from Pangu LAB.

Trust: 0.3

sources: BID: 91250

SOURCES

db:VULHUBid:VHN-92956
db:VULMONid:CVE-2016-4137
db:BIDid:91250
db:JVNDBid:JVNDB-2016-003248
db:PACKETSTORMid:137517
db:CNNVDid:CNNVD-201606-401
db:NVDid:CVE-2016-4137

LAST UPDATE DATE

2024-08-14T13:32:19.107000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-92956date:2021-11-19T00:00:00
db:VULMONid:CVE-2016-4137date:2021-11-19T00:00:00
db:BIDid:91250date:2016-07-06T15:01:00
db:JVNDBid:JVNDB-2016-003248date:2016-08-30T00:00:00
db:CNNVDid:CNNVD-201606-401date:2021-09-23T00:00:00
db:NVDid:CVE-2016-4137date:2021-11-19T11:25:46.667

SOURCES RELEASE DATE

db:VULHUBid:VHN-92956date:2016-06-16T00:00:00
db:VULMONid:CVE-2016-4137date:2016-06-16T00:00:00
db:BIDid:91250date:2016-06-16T00:00:00
db:JVNDBid:JVNDB-2016-003248date:2016-06-20T00:00:00
db:PACKETSTORMid:137517date:2016-06-17T23:50:16
db:CNNVDid:CNNVD-201606-401date:2016-06-17T00:00:00
db:NVDid:CVE-2016-4137date:2016-06-16T14:59:18.480