Vulnerability Change Records for CVE-2016-4271

Change History

CVE Modified by Source 9/30/2016 9:59:05 PM

Action Type Old Value New Value
Changed Description
Old Value: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4277 and CVE-2016-4278.
New Value: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4277 and CVE-2016-4278, aka a "local-with-filesystem Flash sandbox bypass" issue.
Added Reference
http://lab.truel.it/flash-sandbox-bypass/

Modified Analysis 10/04/2016 11:17:26 AM

Action Type Old Value New Value
Changed CPE Configuration (Old Value: first Configuration 1-6 list; New Value: second Configuration 1-6 list)
Configuration 1
     AND
          OR
               *cpe:2.3:a:adobe:flash_player:11.2.202.632:*:*:*:*:*:*:* (and previous)
          OR
               cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Configuration 2
     AND
          OR
               *cpe:2.3:a:adobe:flash_player:18.0.0.366:*:*:*:esr:*:*:* (and previous)
          OR
               cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
               cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
Configuration 3
     AND
          OR
               cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
          OR
               *cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:internet_explorer:*:* (and previous)
               *cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:edge:*:* (and previous)
Configuration 4
     AND
          OR
               cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
          OR
               *cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:internet_explorer:*:* (and previous)
Configuration 5
     AND
          OR
               cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
               cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
          OR
               *cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:*:*:* (and previous)
Configuration 6
     AND
          OR
               *cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:chrome:*:* (and previous)
          OR
               cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*
               cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
               cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
               cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Configuration 1
     AND
          OR
               *cpe:2.3:a:adobe:flash_player:18.0.0.366:*:*:*:esr:*:*:* (and previous)
          OR
               cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
               cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
Configuration 2
     AND
          OR
               cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
          OR
               *cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:internet_explorer:*:* (and previous)
               *cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:edge:*:* (and previous)
Configuration 3
     AND
          OR
               *cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:chrome:*:* (and previous)
          OR
               cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*
               cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
               cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
               cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Configuration 4
     AND
          OR
               cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
               cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
          OR
               *cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:*:*:* (and previous)
Configuration 5
     AND
          OR
               *cpe:2.3:a:adobe:flash_player:11.2.202.632:*:*:*:*:*:*:* (and previous)
          OR
               cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Configuration 6
     AND
          OR
               cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
          OR
               *cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:internet_explorer:*:* (and previous)
Changed Reference Type
Old Value: http://lab.truel.it/flash-sandbox-bypass/ No Types Assigned
New Value: http://lab.truel.it/flash-sandbox-bypass/ Third Party Advisory, Technical Description

Initial CVE Analysis 9/15/2016 10:34:49 AM

Action Type Old Value New Value

CVE Modified by MITRE 5/04/2017 9:29:00 PM

Action Type Old Value New Value
Added Reference
https://blog.bjornweb.nl/2017/02/flash-bypassing-local-sandbox-data-exfiltration-credentials-leak/ [No Types Assigned]

CVE Translated 10/01/2016 2:45:02 AM

Action Type Old Value New Value
Added Translation
Adobe Flash Player en versiones anteriores a 18.0.0.375 y 19.x hasta la versión 23.x en versiones anteriores a 23.0.0.162 en Windows y SO X y en versiones anteriores a 11.2.202.635 en Linux permite a atacantes eludir restricciones destinadas al acceso y obtener información sensible a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-4277 y CVE-2016-4278, vulnerabilidad también conocida como un problema "local-with-filesystem Flash sandbox bypass".
Removed Translation
Adobe Flash Player en versiones anteriores a 18.0.0.375 y 19.x hasta la versión 23.x en versiones anteriores a 23.0.0.162 en Windows y OS X y en versiones anteriores a 11.2.202.635 en Linux permite a atacantes eludir restricciones destinadas al acceso y obtener información sensible a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-4277 y CVE-2016-4278.

Modified Analysis 9/15/2016 10:38:11 AM

Action Type Old Value New Value
Added CPE Configuration
Configuration 1
     AND
          OR
               *cpe:2.3:a:adobe:flash_player:11.2.202.632:*:*:*:*:*:*:* (and previous)
          OR
               cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Configuration 2
     AND
          OR
               *cpe:2.3:a:adobe:flash_player:18.0.0.366:*:*:*:esr:*:*:* (and previous)
          OR
               cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
               cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
Configuration 3
     AND
          OR
               cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
          OR
               *cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:internet_explorer:*:* (and previous)
               *cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:edge:*:* (and previous)
Configuration 4
     AND
          OR
               cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
          OR
               *cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:internet_explorer:*:* (and previous)
Configuration 5
     AND
          OR
               cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
               cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
          OR
               *cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:*:*:* (and previous)
Configuration 6
     AND
          OR
               *cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:chrome:*:* (and previous)
          OR
               cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*
               cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
               cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
               cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Added CVSS V2
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Added CVSS V3
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Added CWE
CWE-200
Changed Reference Type
Old Value: https://helpx.adobe.com/security/products/flash-player/apsb16-29.html No Types Assigned
New Value: https://helpx.adobe.com/security/products/flash-player/apsb16-29.html Vendor Advisory

CVE Modified by MITRE 6/30/2017 9:29:45 PM

Action Type Old Value New Value
Added Reference
https://security.gentoo.org/glsa/201610-10 [No Types Assigned]

CVE Modified by MITRE 1/04/2018 9:30:51 PM

Action Type Old Value New Value
Added Reference
http://rhn.redhat.com/errata/RHSA-2016-1865.html [No Types Assigned]

CVE Modified by MITRE 8/12/2017 9:29:10 PM

Action Type Old Value New Value
Added Reference
http://www.securitytracker.com/id/1036791 [No Types Assigned]