CVE-2016-4273

HIGH

Adobe Flash Player <18.0.0.382,19.x-23.x - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-4273. PoCs published by COSIG.

AI-analyzed exploit summary This is a vulnerability advisory for CVE-2016-4273, detailing an out-of-bounds memory corruption in Adobe Flash Player that could lead to remote code execution. The advisory includes technical details and references to PoC files but does not contain exploit code itself.

Description

Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990.

Exploits (1)

exploitdb WRITEUP VERIFIED

by COSIG · textdosmultiple

https://www.exploit-db.com/exploits/40510

View Code ZIP pw:eip

This is a vulnerability advisory for CVE-2016-4273, detailing an out-of-bounds memory corruption in Adobe Flash Player that could lead to remote code execution. The advisory includes technical details and references to PoC files but does not contain exploit code itself.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Adobe Flash Player 23.0.0.162 and earlier

No auth needed

Prerequisites: User interaction required (visiting a malicious webpage or opening a crafted SWF file)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201610-10

Patch, Vendor Advisory x_refsource_confirm

https://helpx.adobe.com/security/products/flash-player/apsb16-32.html

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/40510/

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/93490

Third Party Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2016-2057.html

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1036985

Scores

CVSS v3 8.8

EPSS 0.1990

EPSS Percentile 97.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (4)

adobe/flash_player < 11.2.202.635

adobe/flash_player < 18.0.0.375

adobe/flash_player < 23.0.0.162 (3 CPE variants)

adobe/flash_player_desktop_runtime < 23.0.0.162

Published Oct 13, 2016

Tracked Since Feb 18, 2026