CVE-2016-4160

Published: Jun 16, 2016Modified: May 6, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163.

Affected (9)

Products: Adobe: Flash Player, Air Sdk & Compiler, Air Sdk, Flash Player Desktop Runtime, Air Desktop Runtime

5 products

Flash Player Desktop Runtime

Air Desktop Runtime

Configuration A

2 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 21.0.0.241
Adobe Flash Player	Up to 21.0.0.241

Running on/with	Platform Versions
Microsoft Windows 10	All versions
Microsoft Windows 8.1	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 18.0.0.343

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Air Sdk & Compiler	Up to 21.0.0.198

Configuration D

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Air Sdk	Up to 21.0.0.198

Running on/with	Platform Versions
Apple Iphone Os	All versions
Google Android	All versions

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 11.2.202.616

Configuration F

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 21.0.0.216

Running on/with	Platform Versions
Google Chrome Os	All versions
Linux Linux Kernel	All versions

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Flash Player Desktop Runtime	Up to 21.0.0.226

Configuration H

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Air Desktop Runtime	Up to 21.0.0.198

Running on/with	Platform Versions
Apple Mac Os X	All versions
Microsoft Windows	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (8)

http://rhn.redhat.com/errata/RHSA-2016-1079.html

Source: psirt@adobe.com

Third Party Advisory

http://www.securityfocus.com/bid/90618

Source: psirt@adobe.com

Broken LinkThird Party AdvisoryVDB Entry

https://helpx.adobe.com/security/products/flash-player/apsb16-15.html

Source: psirt@adobe.com

PatchVendor Advisory

https://security.gentoo.org/glsa/201606-08

Source: psirt@adobe.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-1079.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/90618

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://helpx.adobe.com/security/products/flash-player/apsb16-15.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://security.gentoo.org/glsa/201606-08

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.