Vulnerability Note VU#748992
Adobe Flash memory corruption vulnerability
Adobe Flash contains an unspecified vulnerability that is currently being exploited in the wild.
Adobe Flash Player 184.108.40.206 and earlier contain an unspecified vulnerability that an allow a remote, unauthenticated attacker to execute arbitrary code. This vulnerability is being exploited in the wild. Please see Adobe Security Advisory APSA16-03 for more details.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), PDF file, Microsoft Office document, or any other document that supports embedded SWF content, an attacker may be able to execute arbitrary code. The vulnerability reportedly affects Flash Player 220.127.116.11 and earlier versions for Windows, Macintosh, Linux, and Chrome OS.
Apply an update
This issue is addressed in Flash Player versions 18.104.22.168, 22.214.171.1240, and 126.96.36.1996. Please see Adobe Security Bulletin APSB16-18 for more details.
Disable flash in your web browser
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Adobe||Affected||-||16 Jun 2016|
CVSS Metrics (Learn More)
This vulnerability was reported by Adobe, who in turn credits Anton Ivanov and Costin Raiu of Kaspersky Lab.
This document was written by Will Dormann.
- CVE IDs: CVE-2016-4171
- Date Public: 14 Jun 2016
- Date First Published: 15 Jun 2016
- Date Last Updated: 16 Jun 2016
- Document Revision: 7
If you have feedback, comments, or additional information about this vulnerability, please send us email.