Buffer overflow in Adobe Flash_player
CVE-2016-4155
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than…
Vulnerability class: Buffer Overflow
EPSS: 0.042 (89.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
Weakness classification (CWE)
Public proof-of-concept exploits
References
- 1036117 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK, Broken Link)
- MS16-083 (x_refsource_MS, vendor-advisory, Patch, Third Party Advisory)
- openSUSE-SU-2016:1625 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE, Broken Link)
- RHSA-2016:1238 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- openSUSE-SU-2016:1621 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE, Broken Link)
- SUSE-SU-2016:1613 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE, Broken Link)
- psirt@adobe.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
Frequently asked questions
- What is CVE-2016-4155?
- CVE-2016-4155 is a high-severity vulnerability in Adobe Flash_player, classified under Out-of-bounds Write. CVSS score: 8.8/10. Published 2016-06-16.
- How severe is CVE-2016-4155?
- High severity. CVSS v3 base score is 8.8 out of 10.
- Is CVE-2016-4155 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.