PT-2016-2425 · Adobe+3 · Flash Player+3

Published

2016-07-12

·

Updated

2023-01-20

·

CVE-2016-4178

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 18.0.0.366 Adobe Flash Player versions 19.x through 22.x before 22.0.0.209 Adobe Flash Player version before 11.2.202.632 on Linux
Description The issue is related to the lack of protection for internal data in the Flash Player platform. It allows a remote attacker to bypass existing access restrictions or obtain confidential information. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.
Recommendations For Adobe Flash Player versions prior to 18.0.0.366, update to version 18.0.0.366 or later. For Adobe Flash Player versions 19.x through 22.x before 22.0.0.209, update to version 22.0.0.209 or later. For Adobe Flash Player version before 11.2.202.632 on Linux, update to version 11.2.202.632 or later.

Fix

Incorrect Authorization

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-200

Related Identifiers

ALT-PU-2016-1766
BDU:2016-01815
CVE-2016-4178
MGASA-2016-0251
OPENSUSE-SU-2016_1795-1
OPENSUSE-SU-2016_1802-1
RHSA-2016:1423
RHSA-2016_1423
SUSE-SU-2016:1826-1

Affected Products

Alt Linux
Flash Player
Red Hat
Suse