CVE-2016-4176

HIGH

Adobe Flash Player <18.0.0.366,19.x-22.x - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-4176. PoCs published by COSIG.

AI-analyzed exploit summary This is a writeup detailing CVE-2016-4176, a vulnerability in Adobe Flash Player that allows remote code execution via a crafted SWF file with invalid 'TAG' data. The document includes technical details, a report timeline, and references to external PoC files.

Description

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4177.

Exploits (1)

exploitdb WRITEUP VERIFIED

by COSIG · textdosmultiple

https://www.exploit-db.com/exploits/40105

View Code ZIP pw:eip

This is a writeup detailing CVE-2016-4176, a vulnerability in Adobe Flash Player that allows remote code execution via a crafted SWF file with invalid 'TAG' data. The document includes technical details, a report timeline, and references to external PoC files.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Adobe Flash Player 22.0.0.192 and earlier

No auth needed

Prerequisites: User interaction required (visiting a malicious webpage or opening a crafted SWF file)

MITRE ATT&CK