Sign-up

ID

VAR-201606-0511


CVE

CVE-2016-4126


TITLE

Microsoft Internet Explorer and Microsoft Edge of Adobe Flash Used in library Adobe Flash Player Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2016-003237

DESCRIPTION

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. This case MS16-083 This is a different vulnerability than the other vulnerabilities listed on the list.It may be affected unspecified. Adobe AIR is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Adobe AIR 21.0.0.215 and prior are vulnerable. The former is the default browser included with operating systems prior to Windows 10; the latter is the default browser included with Windows 10, the latest operating system. in the United States. The former is a multimedia player product library; the latter is a cross-platform, browser-based multimedia player product

Trust: 2.07

sources: NVD: CVE-2016-4126 // JVNDB: JVNDB-2016-003237 // BID: 91252 // VULHUB: VHN-92945 // VULMON: CVE-2016-4126

AFFECTED PRODUCTS

vendor:adobemodel:air desktop runtimescope:lteversion:21.0.0.215

Trust: 1.0

vendor:googlemodel:chromescope: - version: -

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:11.2.202.626 (linux)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:22.0.0.192 (windows 10/8.1 edition microsoft edge/internet explorer 11)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:22.0.0.192 (windows/macintosh/linux/chromeos edition chrome)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:desktop runtime 22.0.0.192 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:continuous support release 18.0.0.360 (windows/macintosh)

Trust: 0.8

vendor:microsoftmodel:windows 10scope:eqversion:for 32-bit systems

Trust: 0.8

vendor:microsoftmodel:windows 10scope:eqversion:for x64-based systems

Trust: 0.8

vendor:microsoftmodel:windows 10scope:eqversion:version 1511 for 32-bit systems

Trust: 0.8

vendor:microsoftmodel:windows 10scope:eqversion:version 1511 for x64-based systems

Trust: 0.8

vendor:microsoftmodel:windows 8.1scope:eqversion:for 32-bit systems

Trust: 0.8

vendor:microsoftmodel:windows 8.1scope:eqversion:for x64-based systems

Trust: 0.8

vendor:microsoftmodel:windows rt 8.1scope: - version: -

Trust: 0.8

vendor:microsoftmodel:windows server 2012scope:eqversion:none

Trust: 0.8

vendor:microsoftmodel:windows server 2012scope:eqversion:r2

Trust: 0.8

vendor:adobemodel:flash player for linuxscope:eqversion:11.2.202.621

Trust: 0.6

vendor:adobemodel:flash playerscope:eqversion:21.0.0.242

Trust: 0.6

vendor:adobemodel:flash playerscope:eqversion:18.0.0.352

Trust: 0.6

vendor:adobemodel:airscope:eqversion:2.0.4

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.0.3

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5.3.9130

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5.3.9120

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5.3

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5.2

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5.1

Trust: 0.3

vendor:adobemodel:airscope:eqversion:3.2.0.2080

Trust: 0.3

vendor:adobemodel:airscope:eqversion:3.2.0.2070

Trust: 0.3

vendor:adobemodel:airscope:eqversion:3.1.0.4880

Trust: 0.3

vendor:adobemodel:airscope:eqversion:3.0

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.7.1.1961

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.7.1

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.7

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.6.19140

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.6.19120

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.6

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.5.1

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.0.2.12610

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.0.2

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.1

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.01

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.0

Trust: 0.3

sources: BID: 91252 // JVNDB: JVNDB-2016-003237 // NVD: CVE-2016-4126 // CNNVD: CNNVD-201606-390

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-4126
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201606-390
value: HIGH

Trust: 0.6

VULHUB: VHN-92945
value: HIGH

Trust: 0.1

VULMON: CVE-2016-4126
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2016-4126
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

VULHUB: VHN-92945
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2016-4126
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-92945 // VULMON: CVE-2016-4126 // JVNDB: JVNDB-2016-003237 // NVD: CVE-2016-4126 // CNNVD: CNNVD-201606-390

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2016-4126

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-390

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201606-390

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2016-4126

PATCH
title:APSB16-18url:http://helpx.adobe.com/security/products/flash-player/apsb16-18.html
Trust: 0.8
title:APSB16-18url:https://helpx.adobe.com/jp/security/products/flash-player/apsb16-18.html
Trust: 0.8
title:Google Chrome を更新するurl:https://support.google.com/chrome/answer/95414?hl=ja
Trust: 0.8
title:Google Chromeurl:https://www.google.com/intl/ja/chrome/browser/features.html
Trust: 0.8
title:Chrome Releasesurl:http://googlechromereleases.blogspot.jp/
Trust: 0.8
title:MS16-083url:https://technet.microsoft.com/en-us/library/security/ms16-083.aspx
Trust: 0.8
title:MS16-083url:https://technet.microsoft.com/ja-jp/library/security/ms16-083.aspx
Trust: 0.8
title:アドビ システムズ社 Adobe Flash Player の脆弱性に関するお知らせurl:http://www.fmworld.net/biz/common/adobe/20160620f.html
Trust: 0.8
title:Microsoft Internet Explorer  and Microsoft Edge Adobe Flash Player Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62319
Trust: 0.6
title: - url:https://github.com/live-hack-cve/cve-2016-4126 
Trust: 0.1
title:CVE-Studyurl:https://github.com/thdusdl1219/cve-study 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2016-4126 // 
            
            
            
            JVNDB: JVNDB-2016-003237 // 
            
            
            
            CNNVD: CNNVD-201606-390

EXTERNAL IDS
db:NVDid:CVE-2016-4126
Trust: 2.9
db:JVNDBid:JVNDB-2016-003237
Trust: 0.8
db:CNNVDid:CNNVD-201606-390
Trust: 0.7
db:BIDid:91252
Trust: 0.5
db:VULHUBid:VHN-92945
Trust: 0.1
db:VULMONid:CVE-2016-4126
Trust: 0.1
sources:
            
            
            VULHUB: VHN-92945 // 
            
            
            
            VULMON: CVE-2016-4126 // 
            
            
            
            BID: 91252 // 
            
            
            
            JVNDB: JVNDB-2016-003237 // 
            
            
            
            NVD: CVE-2016-4126 // 
            
            
            
            CNNVD: CNNVD-201606-390

REFERENCES
url:https://helpx.adobe.com/security/products/air/apsb16-23.html
Trust: 1.8
url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4126
Trust: 0.8
url:https://www.ipa.go.jp/security/ciadr/vul/20160615-adobeflashplayer.html
Trust: 0.8
url:http://www.jpcert.or.jp/at/2016/at160026.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4126
Trust: 0.8
url:http://www.npa.go.jp/cyberpolice/topics/?seq=18592
Trust: 0.8
url:http://www.adobe.com
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://github.com/live-hack-cve/cve-2016-4126
Trust: 0.1
url:https://www.securityfocus.com/bid/91252
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-92945 // 
            
            
            
            VULMON: CVE-2016-4126 // 
            
            
            
            BID: 91252 // 
            
            
            
            JVNDB: JVNDB-2016-003237 // 
            
            
            
            NVD: CVE-2016-4126 // 
            
            
            
            CNNVD: CNNVD-201606-390

CREDITS
Alec Blance
Trust: 0.3
sources:
            
            
            BID: 91252

SOURCES
db:VULHUBid:VHN-92945
db:VULMONid:CVE-2016-4126
db:BIDid:91252
db:JVNDBid:JVNDB-2016-003237
db:NVDid:CVE-2016-4126
db:CNNVDid:CNNVD-201606-390

LAST UPDATE DATE
2023-12-18T13:03:17.985000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-92945date:2023-01-26T00:00:00
db:VULMONid:CVE-2016-4126date:2023-01-26T00:00:00
db:BIDid:91252date:2016-07-06T15:01:00
db:JVNDBid:JVNDB-2016-003237date:2016-06-20T00:00:00
db:NVDid:CVE-2016-4126date:2023-01-26T20:57:43.693
db:CNNVDid:CNNVD-201606-390date:2021-09-23T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-92945date:2016-06-16T00:00:00
db:VULMONid:CVE-2016-4126date:2016-06-16T00:00:00
db:BIDid:91252date:2016-06-16T00:00:00
db:JVNDBid:JVNDB-2016-003237date:2016-06-20T00:00:00
db:NVDid:CVE-2016-4126date:2016-06-16T14:59:07.230
db:CNNVDid:CNNVD-201606-390date:2016-06-17T00:00:00