CVE-2016-4279

Published: Sep 14, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.

Affected (6)

Products: Adobe: Flash Player, Flash Player Desktop Runtime

2 products

Flash Player Desktop Runtime

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 11.2.202.632

Configuration B

2 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 22.0.0.211
Adobe Flash Player	Up to 22.0.0.211

Running on/with	Platform Versions
Microsoft Windows 10	All versions
Microsoft Windows 8.1	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Flash Player Desktop Runtime	Up to 22.0.0.211

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 18.0.0.366

Configuration E

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 22.0.0.211

Running on/with	Platform Versions
Apple Mac Os X	All versions
Google Chrome Os	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (10)

http://rhn.redhat.com/errata/RHSA-2016-1865.html

Source: psirt@adobe.com

Third Party Advisory

http://www.securityfocus.com/bid/92927

Source: psirt@adobe.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1036791

Source: psirt@adobe.com

Broken LinkThird Party AdvisoryVDB Entry

https://helpx.adobe.com/security/products/flash-player/apsb16-29.html

Source: psirt@adobe.com

PatchVendor Advisory

https://security.gentoo.org/glsa/201610-10

Source: psirt@adobe.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-1865.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/92927

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1036791

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://helpx.adobe.com/security/products/flash-player/apsb16-29.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://security.gentoo.org/glsa/201610-10

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.