ID

VAR-201606-0508


CVE

CVE-2016-4171


TITLE

Adobe Flash memory corruption vulnerability

Trust: 0.8

sources: CERT/CC: VU#748992

DESCRIPTION

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016. Attack activity using this vulnerability has been confirmed. For more information, see APSA16-03 and APSB16-18.

APSA16-03: https://helpx.adobe.com/jp/security/products/flash-player/apsa16-03.html
APSB16-18: https://helpx.adobe.com/jp/security/products/flash-player/apsb16-18.html

Arbitrary code may be executed by opening a web page containing crafted SWF content, an HTML document, a PDF file, or a Microsoft Office document. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Flash Player 21.0.0.242 and prior versions are vulnerable. The product enables viewing of applications, content and video across screens and browsers.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2016:1238-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:1238
Issue date:        2016-06-17
CVE Names:         CVE-2016-4122 CVE-2016-4123 CVE-2016-4124
                   CVE-2016-4125 CVE-2016-4127 CVE-2016-4128
                   CVE-2016-4129 CVE-2016-4130 CVE-2016-4131
                   CVE-2016-4132 CVE-2016-4133 CVE-2016-4134
                   CVE-2016-4135 CVE-2016-4136 CVE-2016-4137
                   CVE-2016-4138 CVE-2016-4139 CVE-2016-4140
                   CVE-2016-4141 CVE-2016-4142 CVE-2016-4143
                   CVE-2016-4144 CVE-2016-4145 CVE-2016-4146
                   CVE-2016-4147 CVE-2016-4148 CVE-2016-4149
                   CVE-2016-4150 CVE-2016-4151 CVE-2016-4152
                   CVE-2016-4153 CVE-2016-4154 CVE-2016-4155
                   CVE-2016-4156 CVE-2016-4166 CVE-2016-4171
=====================================================================

1. Summary:

An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4135, CVE-2016-4136, CVE-2016-4137, CVE-2016-4138, CVE-2016-4139, CVE-2016-4140, CVE-2016-4141, CVE-2016-4142, CVE-2016-4143, CVE-2016-4144, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148, CVE-2016-4149, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1346665 - flash-plugin: multiple code execution issues fixed in APSB16-18

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.626-1.el5_11.i386.rpm

x86_64:
flash-plugin-11.2.202.626-1.el5_11.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.626-1.el5_11.i386.rpm

x86_64:
flash-plugin-11.2.202.626-1.el5_11.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.626-1.el6_8.i686.rpm

x86_64:
flash-plugin-11.2.202.626-1.el6_8.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.626-1.el6_8.i686.rpm

x86_64:
flash-plugin-11.2.202.626-1.el6_8.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.626-1.el6_8.i686.rpm

x86_64:
flash-plugin-11.2.202.626-1.el6_8.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-4122
https://access.redhat.com/security/cve/CVE-2016-4123
https://access.redhat.com/security/cve/CVE-2016-4124
https://access.redhat.com/security/cve/CVE-2016-4125
https://access.redhat.com/security/cve/CVE-2016-4127
https://access.redhat.com/security/cve/CVE-2016-4128
https://access.redhat.com/security/cve/CVE-2016-4129
https://access.redhat.com/security/cve/CVE-2016-4130
https://access.redhat.com/security/cve/CVE-2016-4131
https://access.redhat.com/security/cve/CVE-2016-4132
https://access.redhat.com/security/cve/CVE-2016-4133
https://access.redhat.com/security/cve/CVE-2016-4134
https://access.redhat.com/security/cve/CVE-2016-4135
https://access.redhat.com/security/cve/CVE-2016-4136
https://access.redhat.com/security/cve/CVE-2016-4137
https://access.redhat.com/security/cve/CVE-2016-4138
https://access.redhat.com/security/cve/CVE-2016-4139
https://access.redhat.com/security/cve/CVE-2016-4140
https://access.redhat.com/security/cve/CVE-2016-4141
https://access.redhat.com/security/cve/CVE-2016-4142
https://access.redhat.com/security/cve/CVE-2016-4143
https://access.redhat.com/security/cve/CVE-2016-4144
https://access.redhat.com/security/cve/CVE-2016-4145
https://access.redhat.com/security/cve/CVE-2016-4146
https://access.redhat.com/security/cve/CVE-2016-4147
https://access.redhat.com/security/cve/CVE-2016-4148
https://access.redhat.com/security/cve/CVE-2016-4149
https://access.redhat.com/security/cve/CVE-2016-4150
https://access.redhat.com/security/cve/CVE-2016-4151
https://access.redhat.com/security/cve/CVE-2016-4152
https://access.redhat.com/security/cve/CVE-2016-4153
https://access.redhat.com/security/cve/CVE-2016-4154
https://access.redhat.com/security/cve/CVE-2016-4155
https://access.redhat.com/security/cve/CVE-2016-4156
https://access.redhat.com/security/cve/CVE-2016-4166
https://access.redhat.com/security/cve/CVE-2016-4171
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-18.html
https://helpx.adobe.com/security/products/flash-player/apsa16-03.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

Background
==========

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.

Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Flash Player users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.626"

References
==========

[ 1 ] CVE-2016-1019
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019
[ 2 ] CVE-2016-1019
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019
[ 3 ] CVE-2016-1019
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019
[ 4 ] CVE-2016-4117
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117
[ 5 ] CVE-2016-4117
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117
[ 6 ] CVE-2016-4120
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120
[ 7 ] CVE-2016-4120
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120
[ 8 ] CVE-2016-4120
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120
[ 9 ] CVE-2016-4121
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4121
[ 10 ] CVE-2016-4160
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4160
[ 11 ] CVE-2016-4161
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4161
[ 12 ] CVE-2016-4162
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4162
[ 13 ] CVE-2016-4163
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4163
[ 14 ] CVE-2016-4171
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171
[ 15 ] CVE-2016-4171
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171
[ 16 ] CVE-2016-4171
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201606-08

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.97

sources: NVD: CVE-2016-4171 // CERT/CC: VU#748992 // JVNDB: JVNDB-2016-003167 // BID: 91184 // VULHUB: VHN-92990 // VULMON: CVE-2016-4171 // PACKETSTORM: 137517 // PACKETSTORM: 137537

AFFECTED PRODUCTS

vendor: redhat, model: enterprise linux workstation, scope: eq, version: 5.0

Trust: 1.0

vendor: suse, model: linux enterprise desktop, scope: eq, version: 12

Trust: 1.0

vendor: opensuse, model: opensuse, scope: eq, version: 13.1

Trust: 1.0

vendor: redhat, model: enterprise linux server, scope: eq, version: 5.0

Trust: 1.0

vendor: adobe, model: flash player, scope: lte, version: 21.0.0.242

Trust: 1.0

vendor: redhat, model: enterprise linux desktop, scope: eq, version: 5.0

Trust: 1.0

vendor: suse, model: linux enterprise workstation extension, scope: eq, version: 12

Trust: 1.0

vendor: redhat, model: enterprise linux workstation, scope: eq, version: 6.0

Trust: 1.0

vendor: redhat, model: enterprise linux server, scope: eq, version: 6.0

Trust: 1.0

vendor: redhat, model: enterprise linux desktop, scope: eq, version: 6.0

Trust: 1.0

vendor: adobe, model: flash player, scope: lte, version: 18.0.0.352

Trust: 1.0

vendor: opensuse, model: opensuse, scope: eq, version: 13.2

Trust: 1.0

vendor: adobe, model: flash player for linux, scope: lte, version: 11.2.202.621

Trust: 1.0

vendor: adobe, model: -, scope: -, version: -

Trust: 0.8

vendor: google, model: chrome, scope: -, version: -

Trust: 0.8

vendor: adobe, model: flash player, scope: lt, version: 11.2.202.626 (linux)

Trust: 0.8

vendor: adobe, model: flash player, scope: lt, version: 22.0.0.192 (windows 10/8.1 edition microsoft edge/internet explorer 11)

Trust: 0.8

vendor: adobe, model: flash player, scope: lt, version: 22.0.0.192 (windows/macintosh/linux/chromeos edition chrome)

Trust: 0.8

vendor: adobe, model: flash player, scope: lt, version: desktop runtime 22.0.0.192 (windows/macintosh)

Trust: 0.8

vendor: adobe, model: flash player, scope: lt, version: continuous support release 18.0.0.360 (windows/macintosh)

Trust: 0.8

vendor: microsoft, model: windows 10, scope: eq, version: for 32-bit systems

Trust: 0.8

vendor: microsoft, model: windows 10, scope: eq, version: for x64-based systems

Trust: 0.8

vendor: microsoft, model: windows 10, scope: eq, version: version 1511 for 32-bit systems

Trust: 0.8

vendor: microsoft, model: windows 10, scope: eq, version: version 1511 for x64-based systems

Trust: 0.8

vendor: microsoft, model: windows 8.1, scope: eq, version: for 32-bit systems

Trust: 0.8

vendor: microsoft, model: windows 8.1, scope: eq, version: for x64-based systems

Trust: 0.8

vendor: microsoft, model: windows rt 8.1, scope: -, version: -

Trust: 0.8

vendor: microsoft, model: windows server 2012, scope: eq, version: none

Trust: 0.8

vendor: microsoft, model: windows server 2012, scope: eq, version: r2

Trust: 0.8

vendor: red hat, model: enterprise linux desktop, scope: eq, version: 5 i386

Trust: 0.8

vendor: red hat, model: enterprise linux desktop, scope: eq, version: 5 x86_64

Trust: 0.8

vendor: red hat, model: enterprise linux desktop, scope: eq, version: 6 i386

Trust: 0.8

vendor: red hat, model: enterprise linux desktop, scope: eq, version: 6 x86_64

Trust: 0.8

vendor: red hat, model: enterprise linux server, scope: eq, version: 5 i386

Trust: 0.8

vendor: red hat, model: enterprise linux server, scope: eq, version: 5 x86_64

Trust: 0.8

vendor: red hat, model: enterprise linux server, scope: eq, version: 6 i386

Trust: 0.8

vendor: red hat, model: enterprise linux server, scope: eq, version: 6 x86_64

Trust: 0.8

vendor: red hat, model: enterprise linux workstation, scope: eq, version: 5 i386

Trust: 0.8

vendor: red hat, model: enterprise linux workstation, scope: eq, version: 5 x86_64

Trust: 0.8

vendor: red hat, model: enterprise linux workstation, scope: eq, version: 6 i386

Trust: 0.8

vendor: red hat, model: enterprise linux workstation, scope: eq, version: 6 x86_64

Trust: 0.8

vendor: microsoft, model: windows 10, scope: -, version: -

Trust: 0.6

vendor: adobe, model: flash player, scope: eq, version: 10.1.53.64

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.1.51.66

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.0.452

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.0.3218

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.0.22.87

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.0.15.3

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.0.12.36

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.0.12.35

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9.0.262

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9.0.2460

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9.0.152.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9.0.151.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9.0.124.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9.0.48.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9.0.47.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9.0.45.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9.0.31.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9.0.289.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9.0.283.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9.0.280

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9.0.28.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9.0.277.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9.0.262.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9.0.260.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9.0.246.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9.0.159.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9.0.155.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9.0.115.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 9

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 8.0.35.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 8.0.34.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 8

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 7.0.73.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 7.0.70.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 7.0.69.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 7.0.68.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 7.0.67.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 7.0.66.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 7.0.61.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 7.0.60.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 7.0.53.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 7.0.24.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 7.0.19.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 7.0.14.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 7

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 6.0.79

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 6.0.21.0

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.2.202.235

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.2.202.233

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.2.202.229

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.2.202.228

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.2.202.223

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.1.115.8

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.1.115.7

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.1.115.6

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.1.112.61

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.1.111.9

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.1.111.8

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.1.111.7

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.1.111.6

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.1.111.5

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.1.102.63

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.1.102.62

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.1.102.55

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.1.102.228

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.0.1.152

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.3.186.7

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.3.186.6

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.3.186.3

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.3.186.2

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.3.185.25

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.3.185.23

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.3.185.22

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.3.185.21

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.3.183.7

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.3.183.5

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.3.183.4

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.3.183.10

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.3.181.34

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.3.181.26

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.3.181.23

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.3.181.22

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.3.181.16

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.3.181.14

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.2.159.1

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.2.157.51

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.2.156.12

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.2.154.28

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.2.154.27

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.2.154.25

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.2.154.24

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.2.154.18

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.2.154.13

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.2.153.1

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.2.152.33

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.2.152.32

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.2.152.21

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.2.152

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.1.95.2

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.1.95.1

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.1.92.8

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.1.92.10

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.1.85.3

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.1.82.76

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.1.52.15

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.1.52.14.1

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.1.106.16

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.1.105.6

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.1.102.65

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.1.102.64

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.0.42.34

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.0.32.18

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10

Trust: 0.3

sources: CERT/CC: VU#748992 // BID: 91184 // JVNDB: JVNDB-2016-003167 // CNNVD: CNNVD-201606-343 // NVD: CVE-2016-4171

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4171
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-4171
value: HIGH

Trust: 0.8

IPA: JVNDB-2016-003167
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201606-343
value: CRITICAL

Trust: 0.6

VULHUB: VHN-92990
value: HIGH

Trust: 0.1

VULMON: CVE-2016-4171
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-4171
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2016-4171
severity: HIGH
baseScore: 7.5
vectorString: NONE
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2016-003167
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-92990
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4171
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA: JVNDB-2016-003167
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CERT/CC: VU#748992 // VULHUB: VHN-92990 // VULMON: CVE-2016-4171 // JVNDB: JVNDB-2016-003167 // CNNVD: CNNVD-201606-343 // NVD: CVE-2016-4171

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2016-4171

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 137537 // CNNVD: CNNVD-201606-343

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201606-343

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003167

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#748992

PATCH

title: APSB16-18, url: https://helpx.adobe.com/security/products/flash-player/apsb16-18.html

Trust: 0.8

title: APSA16-03, url: http://helpx.adobe.com/security/products/flash-player/apsa16-03.html

Trust: 0.8

title: APSB16-18, url: https://helpx.adobe.com/jp/security/products/flash-player/apsb16-18.html

Trust: 0.8

title: APSA16-03, url: https://helpx.adobe.com/jp/security/products/flash-player/apsa16-03.html

Trust: 0.8

title: Install Flash Player easily in five steps, url: https://helpx.adobe.com/jp/flash-player.html

Trust: 0.8

title: Uninstall Flash Player | Mac OS, url: https://helpx.adobe.com/jp/flash-player/kb/uninstall-flash-player-mac-os.html

Trust: 0.8

title: Uninstall Flash Player | Windows, url: https://helpx.adobe.com/jp/flash-player/kb/uninstall-flash-player-windows.html

Trust: 0.8

title: Chrome Releases, url: http://googlechromereleases.blogspot.jp/

Trust: 0.8

title: Google Chrome, url: https://www.google.com/intl/ja/chrome/browser/features.html

Trust: 0.8

title: Update Google Chrome, url: https://support.google.com/chrome/answer/95414?hl=ja

Trust: 0.8

title: MS16-083, url: https://technet.microsoft.com/en-us/library/security/ms16-083.aspx

Trust: 0.8

title: RHSA-2016:1238, url: https://access.redhat.com/errata/RHSA-2016:1238

Trust: 0.8

title: MS16-083, url: https://technet.microsoft.com/ja-jp/library/security/ms16-083.aspx

Trust: 0.8

title: Notice regarding vulnerabilities in Adobe Systems' Adobe Flash Player, url: http://www.fmworld.net/biz/common/adobe/20160620f.html

Trust: 0.8

title: Adobe Flash Player Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62287

Trust: 0.6

title: The Register, url: https://www.theregister.co.uk/2016/06/16/adobe_36_flash_flaws/

Trust: 0.2

title: The Register, url: https://www.theregister.co.uk/2016/06/15/east_euro_crims_pwning_high_profile_victims_with_flash_zero_day/

Trust: 0.2

title: Red Hat: CVE-2016-4171, url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-4171

Trust: 0.1

title: CVE-Study, url: https://github.com/thdusdl1219/CVE-Study

Trust: 0.1

title: Securelist, url: https://securelist.com/kaspersky-security-bulletin-2016-executive-summary/76858/

Trust: 0.1

title: Securelist, url: https://securelist.com/windows-zero-day-exploit-used-in-targeted-attacks-by-fruityarmor-apt/76396/

Trust: 0.1

title: Threatpost, url: https://threatpost.com/fruityarmor-apt-group-used-recently-patched-windows-zero-day/121398/

Trust: 0.1

title: Securelist, url: https://securelist.com/it-threat-evolution-in-q2-2016-statistics/75640/

Trust: 0.1

title: Threatpost, url: https://threatpost.com/scarcruft-apt-group-used-latest-flash-zero-day-in-two-dozen-attacks/118642/

Trust: 0.1

title: Securelist, url: https://securelist.com/operation-daybreak/75100/

Trust: 0.1

title: Threatpost, url: https://threatpost.com/fix-coming-for-flash-vulnerability-under-attack/118652/

Trust: 0.1

sources: VULMON: CVE-2016-4171 // JVNDB: JVNDB-2016-003167 // CNNVD: CNNVD-201606-343

EXTERNAL IDS

db: CERT/CC, id: VU#748992

Trust: 3.4

db: NVD, id: CVE-2016-4171

Trust: 3.1

db: BID, id: 91184

Trust: 2.1

db: SECTRACK, id: 1036094

Trust: 1.8

db: JVN, id: JVNVU99609116

Trust: 0.8

db: JVNDB, id: JVNDB-2016-003167

Trust: 0.8

db: CNNVD, id: CNNVD-201606-343

Trust: 0.7

db: VULHUB, id: VHN-92990

Trust: 0.1

db: VULMON, id: CVE-2016-4171

Trust: 0.1

db: PACKETSTORM, id: 137517

Trust: 0.1

db: PACKETSTORM, id: 137537

Trust: 0.1

sources: CERT/CC: VU#748992 // VULHUB: VHN-92990 // VULMON: CVE-2016-4171 // BID: 91184 // JVNDB: JVNDB-2016-003167 // PACKETSTORM: 137517 // PACKETSTORM: 137537 // CNNVD: CNNVD-201606-343 // NVD: CVE-2016-4171

REFERENCES

url:https://helpx.adobe.com/security/products/flash-player/apsb16-18.html

Trust: 2.7

url:https://helpx.adobe.com/security/products/flash-player/apsa16-03.html

Trust: 2.7

url:https://www.kb.cert.org/vuls/id/748992

Trust: 2.7

url:https://security.gentoo.org/glsa/201606-08

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2016:1238

Trust: 1.9

url:http://www.securityfocus.com/bid/91184

Trust: 1.8

url:http://www.securitytracker.com/id/1036094

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html

Trust: 1.8

url:https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html

Trust: 0.8

url:https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html

Trust: 0.8

url:http://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4171

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20160615-adobeflashplayer.html

Trust: 0.8

url:http://www.jpcert.or.jp/at/2016/at160026.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99609116/

Trust: 0.8

url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4171

Trust: 0.8

url:http://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/

Trust: 0.8

url:http://www.npa.go.jp/cyberpolice/topics/?seq=18592

Trust: 0.8

url:http://www.adobe.com

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.theregister.co.uk/2016/06/16/adobe_36_flash_flaws/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4142

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4134

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4124

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4137

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4127

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4171

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4133

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4135

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4125

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4135

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4125

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4144

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4139

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4136

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4146

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4156

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4142

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4123

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4131

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4129

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4148

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4132

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4166

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4149

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4138

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4137

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4143

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4129

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4141

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4150

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4146

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4152

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4122

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4147

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4122

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4123

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4131

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4128

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4140

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4147

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4134

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4136

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4140

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4145

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4128

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4133

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4124

Trust: 0.1

url:https://bugzilla.redhat.com/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4127

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4144

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4139

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4143

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4154

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4130

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4150

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4149

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4151

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4148

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4138

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4141

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4132

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4130

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4145

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4163

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4160

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4160

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4117

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4120

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4162

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4117

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4121

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4121

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1019

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4161

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4171

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4120

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4171

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4161

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1019

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4162

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4163

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

sources: CERT/CC: VU#748992 // VULHUB: VHN-92990 // VULMON: CVE-2016-4171 // BID: 91184 // JVNDB: JVNDB-2016-003167 // PACKETSTORM: 137517 // PACKETSTORM: 137537 // CNNVD: CNNVD-201606-343 // NVD: CVE-2016-4171

CREDITS

Anton Ivanov and Costin Raiu of Kaspersky Lab

Trust: 0.6

sources: CNNVD: CNNVD-201606-343

SOURCES

db: CERT/CC, id: VU#748992
db: VULHUB, id: VHN-92990
db: VULMON, id: CVE-2016-4171
db: BID, id: 91184
db: JVNDB, id: JVNDB-2016-003167
db: PACKETSTORM, id: 137517
db: PACKETSTORM, id: 137537
db: CNNVD, id: CNNVD-201606-343
db: NVD, id: CVE-2016-4171

LAST UPDATE DATE

2024-09-09T22:53:05.974000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#748992, date: 2016-06-16T00:00:00
db: VULHUB, id: VHN-92990, date: 2017-01-11T00:00:00
db: VULMON, id: CVE-2016-4171, date: 2021-11-26T00:00:00
db: BID, id: 91184, date: 2016-07-06T15:01:00
db: JVNDB, id: JVNDB-2016-003167, date: 2016-08-30T00:00:00
db: CNNVD, id: CNNVD-201606-343, date: 2021-09-23T00:00:00
db: NVD, id: CVE-2016-4171, date: 2021-11-26T15:05:09.910

SOURCES RELEASE DATE

db: CERT/CC, id: VU#748992, date: 2016-06-15T00:00:00
db: VULHUB, id: VHN-92990, date: 2016-06-16T00:00:00
db: VULMON, id: CVE-2016-4171, date: 2016-06-16T00:00:00
db: BID, id: 91184, date: 2016-06-14T00:00:00
db: JVNDB, id: JVNDB-2016-003167, date: 2016-06-16T00:00:00
db: PACKETSTORM, id: 137517, date: 2016-06-17T23:50:16
db: PACKETSTORM, id: 137537, date: 2016-06-18T13:14:00
db: CNNVD, id: CNNVD-201606-343, date: 2016-06-16T00:00:00
db: NVD, id: CVE-2016-4171, date: 2016-06-16T14:59:51.017