CVE-2016-4117
Last modified
CVE-2016-4117 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.. CISA has confirmed active exploitation in the wild. EPSS estimates a 94.35% chance of exploitation in the next 30 days.
Description
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Status
This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Flash Player | <= 21.0.0.226 |
| Redhat | Enterprise Linux Desktop | 5.0 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Server | 5.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Server From Rhui | 5.0 |
| Redhat | Enterprise Linux Server From Rhui | 6.0 |
| Redhat | Enterprise Linux Workstation | 5.0 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Opensuse | Evergreen | 11.4 |
| Opensuse | Opensuse | 13.1 |
| Opensuse | Opensuse | 13.2 |
| Suse | Linux Enterprise Desktop | 12 |
| Suse | Linux Enterprise Workstation Extension | 12 |
References
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.htmlMailing List, Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-1079.htmlThird Party Advisory
- http://www.securityfocus.com/bid/90505Broken Link, Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1035826Broken Link, Third Party Advisory, VDB Entry
- https://helpx.adobe.com/security/products/flash-player/apsa16-02.htmlBroken Link, Vendor Advisory
- https://security.gentoo.org/glsa/201606-08Third Party Advisory
- https://www.exploit-db.com/exploits/46339/Exploit, Third Party Advisory, VDB Entry
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.htmlMailing List, Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-1079.htmlThird Party Advisory
- http://www.securityfocus.com/bid/90505Broken Link, Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1035826Broken Link, Third Party Advisory, VDB Entry
- https://helpx.adobe.com/security/products/flash-player/apsa16-02.htmlBroken Link, Vendor Advisory
- https://security.gentoo.org/glsa/201606-08Third Party Advisory
- https://www.exploit-db.com/exploits/46339/Exploit, Third Party Advisory, VDB Entry
- https://github.com/cisagov/vulnrichment/issues/196Issue Tracking
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-4117US Government Resource
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2016-4117?
How severe is CVE-2016-4117?
How do I fix CVE-2016-4117?
Are you affected by CVE-2016-4117?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST