Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAdobe Air Desktop Runtime
APPAdobe≤ 21.0.0.176Adobe Air Sdk
APPAdobe≤ 21.0.0.176Adobe Air Sdk \& Compiler
APPAdobe≤ 21.0.0.176Adobe Flash Player
APPAdobe≤ 11.2.202.577≤ 18.0.0.333≤ 21.0.0.197Adobe Flash Player Desktop Runtime
APPAdobe≤ 21.0.0.197Apple iOS
OSApplewszystkie wersjeApple Mac Os X
OSApplewszystkie wersjeGoogle Android
OSGooglewszystkie wersjeGoogle Chrome Os
OSGooglewszystkie wersjeLinux Kernel
OSLinuxwszystkie wersjeMicrosoft Windows
OSMicrosoftwszystkie wersjeMicrosoft Windows 10
OSMicrosoftwszystkie wersjeMicrosoft Windows 8.1
OSMicrosoftwszystkie wersje
CISA KEV — detailsi
- Vendori
- Adobe ↗
- Producti
- Flash Player
- Added to KEVi
- March 3, 2022
- Remediation deadline (US Federal)i
- March 24, 2022(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Required action (CISA)i
The impacted product is end-of-life and should be disconnected if still in use.
CISA descriptioni
Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.
🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARE⏰CISA DEADLINE: 24 marca 2022
Tags
RCEDoS
References
Related vulnerabilities
CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu
CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
CVE-2025-31201CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach