CVE-2016-4273 — Vulnetix

CVE-2016-4273 PUBLISHED

Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990.

EPSS 54.83% · 98.1th percentile

Risk Scores

EPSS Score

54.83%

98.1th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	flashplugin-nonfree	0, 11.2.202.540ubuntu2, 11.2.202.559ubuntu1
Ubuntu:14.04:LTS	flashplugin-nonfree	11.2.202.406ubuntu0.14.04.1, 11.2.202.406ubuntu0.14.04.2, 11.2.202.424ubuntu0.14.04.1

Exploit Intelligence

https://www.exploit-db.com/exploits/40510/ (nist-nvd)
Adobe Flash Player 23.0.0.162 - '.SWF' ConstantPool Critical Memory Corruption (0day-today)
Adobe Flash Player 23.0.0.162 - '.SWF' ConstantPool Critical Memory Corruption (0day-today)

Timeline

Oct 12, 2016 PoC Published
Oct 13, 2016 CVE Published
Feb 4, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 16, 2023 EPSS Score
Aug 4, 2023 EPSS Score
Oct 29, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2016-4273 third-party-advisory
https://helpx.adobe.com/security/products/flash-player/apsb16-32.html third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2016-4273 third-party-advisory

Open in Interactive Console →