CVE-2016-4179

HIGH

Adobe Flash Player <18.0.0.366, 19.x-22.x - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-4179. PoCs published by COSIG.

AI-analyzed exploit summary This is a writeup detailing CVE-2016-4179, a vulnerability in Adobe Flash Player that allows remote code execution via a crafted SWF file with invalid 'DefineBitsJPEG2' data. The document includes technical details and references to external PoC files.

Description

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Exploits (1)

exploitdb WRITEUP VERIFIED

by COSIG · textdosmultiple

https://www.exploit-db.com/exploits/40102

View Code ZIP pw:eip

This is a writeup detailing CVE-2016-4179, a vulnerability in Adobe Flash Player that allows remote code execution via a crafted SWF file with invalid 'DefineBitsJPEG2' data. The document includes technical details and references to external PoC files.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Adobe Flash Player 22.0.0.192 and earlier

No auth needed

Prerequisites: User interaction required to visit a malicious webpage or open a crafted SWF file

MITRE ATT&CK