ID

VAR-201606-0511


CVE

CVE-2016-4126


TITLE

Microsoft Internet Explorer and Microsoft Edge of Adobe Flash Used in library Adobe Flash Player Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2016-003237

DESCRIPTION

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. This case MS16-083 This is a different vulnerability than the other vulnerabilities listed on the list.It may be affected unspecified. Adobe AIR is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Adobe AIR 21.0.0.215 and prior are vulnerable. The former is the default browser included with operating systems prior to Windows 10; the latter is the default browser included with Windows 10, the latest operating system. in the United States. The former is a multimedia player product library; the latter is a cross-platform, browser-based multimedia player product

Trust: 2.07

sources: NVD: CVE-2016-4126 // JVNDB: JVNDB-2016-003237 // BID: 91252 // VULHUB: VHN-92945 // VULMON: CVE-2016-4126

AFFECTED PRODUCTS

vendor:adobemodel:air desktop runtimescope:lteversion:21.0.0.215

Trust: 1.0

vendor:googlemodel:chromescope: - version: -

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:11.2.202.626 (linux)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:22.0.0.192 (windows 10/8.1 edition microsoft edge/internet explorer 11)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:22.0.0.192 (windows/macintosh/linux/chromeos edition chrome)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:desktop runtime 22.0.0.192 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:continuous support release 18.0.0.360 (windows/macintosh)

Trust: 0.8

vendor:microsoftmodel:windows 10scope:eqversion:for 32-bit systems

Trust: 0.8

vendor:microsoftmodel:windows 10scope:eqversion:for x64-based systems

Trust: 0.8

vendor:microsoftmodel:windows 10scope:eqversion:version 1511 for 32-bit systems

Trust: 0.8

vendor:microsoftmodel:windows 10scope:eqversion:version 1511 for x64-based systems

Trust: 0.8

vendor:microsoftmodel:windows 8.1scope:eqversion:for 32-bit systems

Trust: 0.8

vendor:microsoftmodel:windows 8.1scope:eqversion:for x64-based systems

Trust: 0.8

vendor:microsoftmodel:windows rt 8.1scope: - version: -

Trust: 0.8

vendor:microsoftmodel:windows server 2012scope:eqversion:none

Trust: 0.8

vendor:microsoftmodel:windows server 2012scope:eqversion:r2

Trust: 0.8

vendor:adobemodel:flash player for linuxscope:eqversion:11.2.202.621

Trust: 0.6

vendor:adobemodel:flash playerscope:eqversion:21.0.0.242

Trust: 0.6

vendor:adobemodel:flash playerscope:eqversion:18.0.0.352

Trust: 0.6

vendor:adobemodel:airscope:eqversion:2.0.4

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.0.3

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5.3.9130

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5.3.9120

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5.3

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5.2

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5.1

Trust: 0.3

vendor:adobemodel:airscope:eqversion:3.2.0.2080

Trust: 0.3

vendor:adobemodel:airscope:eqversion:3.2.0.2070

Trust: 0.3

vendor:adobemodel:airscope:eqversion:3.1.0.4880

Trust: 0.3

vendor:adobemodel:airscope:eqversion:3.0

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.7.1.1961

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.7.1

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.7

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.6.19140

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.6.19120

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.6

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.5.1

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.0.2.12610

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.0.2

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.1

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.01

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.0

Trust: 0.3

sources: BID: 91252 // JVNDB: JVNDB-2016-003237 // CNNVD: CNNVD-201606-390 // NVD: CVE-2016-4126

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4126
value: HIGH

Trust: 1.0

NVD: CVE-2016-4126
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201606-390
value: HIGH

Trust: 0.6

VULHUB: VHN-92945
value: HIGH

Trust: 0.1

VULMON: CVE-2016-4126
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-4126
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-92945
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4126
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2016-4126
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-92945 // VULMON: CVE-2016-4126 // JVNDB: JVNDB-2016-003237 // CNNVD: CNNVD-201606-390 // NVD: CVE-2016-4126

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2016-4126

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-390

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201606-390

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003237

PATCH

title:APSB16-18url:http://helpx.adobe.com/security/products/flash-player/apsb16-18.html

Trust: 0.8

title:APSB16-18url:https://helpx.adobe.com/jp/security/products/flash-player/apsb16-18.html

Trust: 0.8

title:Google Chrome を更新するurl:https://support.google.com/chrome/answer/95414?hl=ja

Trust: 0.8

title:Google Chromeurl:https://www.google.com/intl/ja/chrome/browser/features.html

Trust: 0.8

title:Chrome Releasesurl:http://googlechromereleases.blogspot.jp/

Trust: 0.8

title:MS16-083url:https://technet.microsoft.com/en-us/library/security/ms16-083.aspx

Trust: 0.8

title:MS16-083url:https://technet.microsoft.com/ja-jp/library/security/ms16-083.aspx

Trust: 0.8

title:アドビ システムズ社 Adobe Flash Player の脆弱性に関するお知らせurl:http://www.fmworld.net/biz/common/adobe/20160620f.html

Trust: 0.8

title:Microsoft Internet Explorer and Microsoft Edge Adobe Flash Player Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62319

Trust: 0.6

title: - url:https://github.com/Live-Hack-CVE/CVE-2016-4126

Trust: 0.1

title:CVE-Studyurl:https://github.com/thdusdl1219/CVE-Study

Trust: 0.1

sources: VULMON: CVE-2016-4126 // JVNDB: JVNDB-2016-003237 // CNNVD: CNNVD-201606-390

EXTERNAL IDS

db:NVDid:CVE-2016-4126

Trust: 2.9

db:JVNDBid:JVNDB-2016-003237

Trust: 0.8

db:CNNVDid:CNNVD-201606-390

Trust: 0.7

db:BIDid:91252

Trust: 0.5

db:VULHUBid:VHN-92945

Trust: 0.1

db:VULMONid:CVE-2016-4126

Trust: 0.1

sources: VULHUB: VHN-92945 // VULMON: CVE-2016-4126 // BID: 91252 // JVNDB: JVNDB-2016-003237 // CNNVD: CNNVD-201606-390 // NVD: CVE-2016-4126

REFERENCES

url:https://helpx.adobe.com/security/products/air/apsb16-23.html

Trust: 1.8

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4126

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20160615-adobeflashplayer.html

Trust: 0.8

url:http://www.jpcert.or.jp/at/2016/at160026.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4126

Trust: 0.8

url:http://www.npa.go.jp/cyberpolice/topics/?seq=18592

Trust: 0.8

url:http://www.adobe.com

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2016-4126

Trust: 0.1

url:https://www.securityfocus.com/bid/91252

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-92945 // VULMON: CVE-2016-4126 // BID: 91252 // JVNDB: JVNDB-2016-003237 // CNNVD: CNNVD-201606-390 // NVD: CVE-2016-4126

CREDITS

Alec Blance

Trust: 0.3

sources: BID: 91252

SOURCES

db:VULHUBid:VHN-92945
db:VULMONid:CVE-2016-4126
db:BIDid:91252
db:JVNDBid:JVNDB-2016-003237
db:CNNVDid:CNNVD-201606-390
db:NVDid:CVE-2016-4126

LAST UPDATE DATE

2024-08-14T14:46:22.420000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-92945date:2023-01-26T00:00:00
db:VULMONid:CVE-2016-4126date:2023-01-26T00:00:00
db:BIDid:91252date:2016-07-06T15:01:00
db:JVNDBid:JVNDB-2016-003237date:2016-06-20T00:00:00
db:CNNVDid:CNNVD-201606-390date:2021-09-23T00:00:00
db:NVDid:CVE-2016-4126date:2023-01-26T20:57:43.693

SOURCES RELEASE DATE

db:VULHUBid:VHN-92945date:2016-06-16T00:00:00
db:VULMONid:CVE-2016-4126date:2016-06-16T00:00:00
db:BIDid:91252date:2016-06-16T00:00:00
db:JVNDBid:JVNDB-2016-003237date:2016-06-20T00:00:00
db:CNNVDid:CNNVD-201606-390date:2016-06-17T00:00:00
db:NVDid:CVE-2016-4126date:2016-06-16T14:59:07.230