CVE-2016-4166

Published: Jun 16, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Affected (6)

Products: Adobe: Flash Player Desktop Runtime, Flash Player

2 products

Flash Player Desktop Runtime

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Flash Player Desktop Runtime	Up to 21.0.0.242

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 18.0.0.352

Configuration C

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 21.0.0.242

Running on/with	Platform Versions
Apple Mac Os X	All versions
Google Chrome Os	All versions
Microsoft Windows	All versions

Configuration D

2 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 21.0.0.242
Adobe Flash Player	Up to 21.0.0.242

Running on/with	Platform Versions
Microsoft Windows 10	All versions
Microsoft Windows 8.1	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 11.2.202.621

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (14)

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html

Source: psirt@adobe.com

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html

Source: psirt@adobe.com

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html

Source: psirt@adobe.com

Broken Link

http://www.securitytracker.com/id/1036117

Source: psirt@adobe.com

Broken LinkThird Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2016:1238

Source: psirt@adobe.com

Third Party Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083

Source: psirt@adobe.com

PatchThird Party Advisory

https://helpx.adobe.com/security/products/flash-player/apsb16-18.html

Source: psirt@adobe.com

PatchVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.securitytracker.com/id/1036117

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2016:1238

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://helpx.adobe.com/security/products/flash-player/apsb16-18.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.