CVE-2016-4225

Description

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4224.

References

Link	Tags
http://www.zerodayinitiative.com/advisories/ZDI-16-427	vdb entry third party advisory
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html	broken link third party advisory vendor advisory
https://security.gentoo.org/glsa/201607-03	third party advisory vendor advisory
http://www.securityfocus.com/bid/91718	vdb entry third party advisory
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html	broken link third party advisory vendor advisory
https://helpx.adobe.com/security/products/flash-player/apsb16-25.html	patch vendor advisory
https://access.redhat.com/errata/RHSA-2016:1423	third party advisory vendor advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093	third party advisory patch vendor advisory
http://www.securitytracker.com/id/1036280	vdb entry third party advisory broken link

Frequently Asked Questions

What is the severity of CVE-2016-4225?: CVE-2016-4225 has been scored as a high severity vulnerability.
How to fix CVE-2016-4225?: To fix CVE-2016-4225, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2016-4225 being actively exploited in the wild?: It is possible that CVE-2016-4225 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~6% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-843 – Access of Resource Using Incompatible Type ('Type Confusion')

References

Frequently Asked Questions