CVE-2016-4286 : Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on

Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to bypass intended access restrictions via unspecified vectors.

Published 2016-10-13 19:59:05

Updated 2025-04-12 10:46:41

Source Adobe Systems Incorporated

View at NVD, CVE.org

Products affected by CVE-2016-4286

Redhat » Enterprise Linux Desktop » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Adobe » Flash Player » ESR Edition
Versions up to, including, (<=) 18.0.0.375
cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » For Edge
Versions up to, including, (<=) 23.0.0.162
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*
Matching versions
When used together with: Microsoft » Windows 10 » Version: N/A
When used together with: Microsoft » Windows 8.1 » Version: N/A
Adobe » Flash Player » For Linux
Versions up to, including, (<=) 11.2.202.635
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:linux:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Adobe » Flash Player » For Chrome
Versions up to, including, (<=) 23.0.0.162
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Google » Chrome Os
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows
Adobe » Flash Player » For Internet Explorer
Versions up to, including, (<=) 23.0.0.162
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*
Matching versions
When used together with: Microsoft » Windows 10 » Version: N/A
When used together with: Microsoft » Windows 8.1 » Version: N/A
Adobe » Flash Player Desktop Runtime
Versions up to, including, (<=) 23.0.0.162
cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows

Exploit prediction scoring system (EPSS) score for CVE-2016-4286

EPSS FAQ

2.42%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 84 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-4286

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-4286

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-4286

http://www.securityfocus.com/bid/93497

Adobe Flash Player CVE-2016-4286 Unspecified Security Bypass Vulnerability
Third Party Advisory;VDB Entry
http://rhn.redhat.com/errata/RHSA-2016-2057.html

RHSA-2016:2057 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/201610-10

Adobe Flash Player: Multiple vulnerabilities (GLSA 201610-10) — Gentoo security
Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1036985

Adobe Flash Player Multiple Flaws Let Remote Users Bypass Security Restrictions and Execute Arbitrary Code - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://helpx.adobe.com/security/products/flash-player/apsb16-32.html

Adobe Security Bulletin
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-4286

Products affected by CVE-2016-4286

Exploit prediction scoring system (EPSS) score for CVE-2016-4286

CVSS scores for CVE-2016-4286

CWE ids for CVE-2016-4286

References for CVE-2016-4286