The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft IE

computer vulnerability CVE-2016-3298

Internet Explorer: information disclosure via Microsoft Internet Messaging API

Synthesis of the vulnerability

An attacker can use a vulnerability via Microsoft Internet Messaging API of Internet Explorer, in order to obtain sensitive information.
Impacted products: IE, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 12/10/2016.
Identifiers: 3196067, CERTFR-2016-AVI-340, CVE-2016-3298, MS16-126, VIGILANCE-VUL-20835.

Description of the vulnerability

The Internet Explorer product can use the Microsoft Internet Messaging API.

However, an attacker can bypass restrictions to detect the presence of files on the victim's system.

An attacker can therefore use a vulnerability via Microsoft Internet Messaging API of Internet Explorer, in order to obtain sensitive information.

computer vulnerability announce CVE-2016-3267 CVE-2016-3298 CVE-2016-3331

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 11.
Creation date: 12/10/2016.
Identifiers: 3192887, 878, 879, CERTFR-2016-AVI-337, CVE-2016-3267, CVE-2016-3298, CVE-2016-3331, CVE-2016-3382, CVE-2016-3383, CVE-2016-3384, CVE-2016-3385, CVE-2016-3387, CVE-2016-3388, CVE-2016-3390, CVE-2016-3391, MS16-118, VIGILANCE-VUL-20827, ZDI-16-532, ZDI-16-533, ZDI-16-534.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3331]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3383, ZDI-16-533]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3384, ZDI-16-534]

An attacker can generate a memory corruption via Scripting Engine, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3382, ZDI-16-532]

An attacker can generate a memory corruption via Scripting Engine, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3385]

An attacker can generate a memory corruption via Scripting Engine, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3390]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-3387]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-3388]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-3267]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-3391]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-3298]

computer vulnerability CVE-2016-4273 CVE-2016-4286 CVE-2016-6981

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, Edge, IE, Windows 10, Windows 2012, Windows 8, Windows RT, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 12.
Creation date: 12/10/2016.
Identifiers: 3194343, APSB16-32, CERTFR-2016-AVI-336, COSIG-2016-35, CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992, MS16-127, openSUSE-SU-2016:2517-1, openSUSE-SU-2016:2519-1, RHSA-2016:2057-01, SUSE-SU-2016:2512-1, VIGILANCE-VUL-20825, ZDI-16-568, ZDI-16-569.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6992]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6981]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6987, ZDI-16-569]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-4286]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4273]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6982]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6983]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6984]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6985]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6986, ZDI-16-568]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6989]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6990]

computer vulnerability bulletin CVE-2016-4182 CVE-2016-4237 CVE-2016-4238

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, IE, Windows 10, Windows 2012, Windows 8, Windows RT, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 30.
Creation date: 13/09/2016.
Revision dates: 23/09/2016, 30/09/2016.
Identifiers: 3188128, 857, 858, 859, 861, APSB16-29, CERTFR-2016-AVI-311, CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932, MS16-117, openSUSE-SU-2016:2308-1, openSUSE-SU-2016:2376-1, RHSA-2016:1865-01, SUSE-SU-2016:2312-1, VIGILANCE-VUL-20588, ZDI-16-515, ZDI-16-516.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4182]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4237]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4238]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4287]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4272]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4279, ZDI-16-515]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6921]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6923]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6925]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6926]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6927]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6929]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6930]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6931]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6932]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-4271]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-4277]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-4278]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4274]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4275]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4276, ZDI-16-516]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4280]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4281]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4282]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4283]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4284]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4285]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6922]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6924]

An attacker can bypass security features via navigateToURL(), in order to obtain sensitive information. [severity:2/4]

computer vulnerability note CVE-2016-3247 CVE-2016-3291 CVE-2016-3292

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE.
Severity: 4/4.
Consequences: privileged access/rights, user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 10.
Creation date: 13/09/2016.
Identifiers: 3183038, CERTFR-2016-AVI-307, CVE-2016-3247, CVE-2016-3291, CVE-2016-3292, CVE-2016-3295, CVE-2016-3297, CVE-2016-3324, CVE-2016-3325, CVE-2016-3351, CVE-2016-3353, CVE-2016-3375, MS16-104, VIGILANCE-VUL-20589, ZDI-16-506, ZDI-16-510, ZDI-16-511, ZDI-16-513.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3247, ZDI-16-513]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3295, ZDI-16-511]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3297]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3324]

An attacker can generate a memory corruption via Scripting Engine, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-20601). [severity:4/4; CVE-2016-3375]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-3292, ZDI-16-510]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-3325]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-3351]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-3291]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-3353, ZDI-16-506]

computer vulnerability CVE-2016-3288 CVE-2016-3289 CVE-2016-3290

Internet Explorer: nine vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 9.
Creation date: 09/08/2016.
Revision date: 11/08/2016.
Identifiers: 3177356, 827, CERTFR-2016-AVI-268, CVE-2016-3288, CVE-2016-3289, CVE-2016-3290, CVE-2016-3293, CVE-2016-3321, CVE-2016-3322, CVE-2016-3326, CVE-2016-3327, CVE-2016-3329, MS16-095, VIGILANCE-VUL-20345, ZDI-16-450, ZDI-16-452, ZDI-16-454.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3288]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3289, ZDI-16-454]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3290]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3293]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3322, ZDI-16-450]

An attacker can use file:// to detect the presence of a file. [severity:2/4; CVE-2016-3321]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-3329]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-3326, ZDI-16-452]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-3327]

computer vulnerability CVE-2016-0187 CVE-2016-0188 CVE-2016-0189

Internet Explorer: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 10/05/2016.
Revision date: 08/08/2016.
Identifiers: 3155533, CERTFR-2016-AVI-169, CVE-2016-0187, CVE-2016-0188, CVE-2016-0189, CVE-2016-0192, CVE-2016-0194, MS16-051, VIGILANCE-VUL-19575, ZDI-16-275, ZDI-16-276.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can generate a memory corruption in Scripting Engine, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0187]

An attacker can generate a memory corruption in Scripting Engine, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0189]

An attacker can bypass security features in User Mode Code Integrity, in order to escalate his privileges. [severity:3/4; CVE-2016-0188]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0192, ZDI-16-276]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-0194, ZDI-16-275]

vulnerability CVE-2016-3204 CVE-2016-3240 CVE-2016-3241

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 15.
Creation date: 12/07/2016.
Identifiers: 3169991, CERTFR-2016-AVI-228, CVE-2016-3204, CVE-2016-3240, CVE-2016-3241, CVE-2016-3242, CVE-2016-3243, CVE-2016-3245, CVE-2016-3248, CVE-2016-3259, CVE-2016-3260, CVE-2016-3261, CVE-2016-3264, CVE-2016-3273, CVE-2016-3274, CVE-2016-3276, CVE-2016-3277, MS16-084, VIGILANCE-VUL-20080, ZDI-16-409, ZDI-16-410, ZDI-16-412.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3240]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3241, ZDI-16-409]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3242, ZDI-16-410]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3243]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3264, ZDI-16-412]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-3245]

An attacker can generate a memory corruption via Scripting Engine, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3204]

An attacker can generate a memory corruption via Scripting Engine, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3248]

An attacker can generate a memory corruption via Scripting Engine, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3259]

An attacker can generate a memory corruption via Scripting Engine, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3260]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-3261]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-3277]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-3273]

An attacker can spoof the interface. [severity:2/4; CVE-2016-3274]

An attacker can spoof the interface. [severity:2/4; CVE-2016-3276]

computer vulnerability note CVE-2016-4172 CVE-2016-4173 CVE-2016-4174

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, IE, Windows 10, Windows 2012, Windows 8, Windows RT, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 53.
Creation date: 12/07/2016.
Identifiers: 3174060, 838, 841, 842, 843, 844, 857, 858, APSB16-25, CERTFR-2016-AVI-234, COSIG-2016-20, COSIG-2016-21, COSIG-2016-22, COSIG-2016-23, CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249, CVE-2016-7020, MS16-093, openSUSE-SU-2016:1795-1, openSUSE-SU-2016:1802-1, RHSA-2016:1423-01, SUSE-SU-2016:1826-1, VIGILANCE-VUL-20079, ZDI-16-424, ZDI-16-425, ZDI-16-426, ZDI-16-427, ZDI-16-428.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-4247]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4223, ZDI-16-424]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4224, ZDI-16-428]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4225, ZDI-16-427]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4173]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4174, ZDI-16-426]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4222, ZDI-16-425]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4226]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4227]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4228]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4229]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4230]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4231]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4248]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4249]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4172]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; COSIG-2016-22, CVE-2016-4175]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; COSIG-2016-23, CVE-2016-4179]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4180]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4181]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4182]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4183]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4184]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4185]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4186]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4187]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4188]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4189]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4190]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4217]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4218]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4219]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4220]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4221]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4233]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4234]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4235]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4236]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4237]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4238]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4239]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4240]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4241]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4242]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4243]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4244]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4245]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4246]

An attacker can create a memory leak, in order to trigger a denial of service. [severity:2/4; CVE-2016-4232]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; COSIG-2016-20, CVE-2016-4176]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; COSIG-2016-21, CVE-2016-4177]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-4178]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7020]

vulnerability bulletin CVE-2016-4122 CVE-2016-4123 CVE-2016-4124

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, Edge, IE, Windows 10, Windows 8, Windows RT, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: client access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 36.
Creation date: 15/06/2016.
Revision dates: 17/06/2016, 08/07/2016.
Identifiers: 3167685, 786, 788, 790, 793, APSA16-03, APSB16-18, CERTFR-2016-ALE-004, CERTFR-2016-AVI-213, CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4135, CVE-2016-4136, CVE-2016-4137, CVE-2016-4138, CVE-2016-4139, CVE-2016-4140, CVE-2016-4141, CVE-2016-4142, CVE-2016-4143, CVE-2016-4144, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148, CVE-2016-4149, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171, MS16-083, openSUSE-SU-2016:1621-1, openSUSE-SU-2016:1625-1, RHSA-2016:1238-01, SUSE-SU-2016:1613-1, TALOS-2016-0165, VIGILANCE-VUL-19903, VU#748992.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4144]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4149]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4142]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4143]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4145]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4146]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4147]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4148]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 786, CVE-2016-4135]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 788, CVE-2016-4136]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 793, CVE-2016-4138]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4122]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4123]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4124]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4125]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4127]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4128]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4129]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4130]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4131]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4132, TALOS-2016-0165]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4133]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4134]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 790, CVE-2016-4137]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4141]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4150]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4151]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4152]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4153]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4154]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4155]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4156]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4166]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4171]

An attacker can tamper with search paths, in order to run code. [severity:4/4; CVE-2016-4140]

An attacker can bypass the same origin policy for scripts, for instance in order to get sensitive information. [severity:4/4; CVE-2016-4139]