CVE-2016-4177

HIGH

Adobe Flash Player <18.0.0.366,19.x-22.x - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-4177. PoCs published by COSIG.

AI-analyzed exploit summary This is a writeup detailing CVE-2016-4177, a vulnerability in Adobe Flash Player that allows remote code execution via a crafted SWF file with invalid 'SceneAndFrameData'. The PoC is referenced but not included in the text.

Description

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4176.

Exploits (1)

exploitdb WRITEUP VERIFIED

by COSIG · textdosmultiple

https://www.exploit-db.com/exploits/40104

View Code ZIP pw:eip

This is a writeup detailing CVE-2016-4177, a vulnerability in Adobe Flash Player that allows remote code execution via a crafted SWF file with invalid 'SceneAndFrameData'. The PoC is referenced but not included in the text.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Adobe Flash Player 22.0.0.192 and earlier

No auth needed

Prerequisites: User interaction (visiting a malicious webpage or opening a crafted SWF file)

MITRE ATT&CK