⚠ Actively exploited
Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-24. Required action: The impacted product is end-of-life and should be disconnected if still in use.

CVE-2016-4117

11 documents, 10 sources
Severity: 9.8 CRITICAL
EPSS: 93.1% (top 0.21%)
CISA KEV: Added 2022-03-03, due 2022-03-24
Exploit: Exploited in wild. Active exploitation observed.
Timeline
Published: May 11
KEV added: Mar 3
KEV due: Mar 24
Latest update: May 14
CISA Required Action: The impacted product is end-of-life and should be disconnected if still in use.

Description

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (9 packages)

NVD | adobe/flash_player | 21.0.0.226
Ubuntu | flashplugin-nonfree | < 11.2.202.621ubuntu0.14.04.1 (+1 more)
NVD | opensuse/opensuse | 13.1, 13.2 (+1 more)

Also affects: Enterprise Linux 5.0, 6.0

🔴 Vulnerability Details (4)

GHSA | GHSA-pg3m-fww2-6vrj: Adobe Flash Player 21 | 2022-05-14
OSV | CVE-2016-4117: Adobe Flash Player 21 | 2016-05-11
CVEList | CVE-2016-4117: Adobe Flash Player 21 | 2016-05-11
VulnCheck | Adobe Flash Player Arbitrary Code Execution Vulnerability | 2016

💥 Exploits & PoCs (1)

Exploit-DB | Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit) | 2019-02-11

📋 Vendor Advisories (2)

CISA | Adobe Flash Player Arbitrary Code Execution Vulnerability | 2022-03-03
Red Hat | flash-plugin: multiple code execution issues fixed in APSB16-15 | 2016-05-10

🕵️ Threat Intelligence (2)

Qualys | Update: Patch Tuesday May 2016 | Qualys | 2016-05-12
Qualys | Update: Patch Tuesday May 2016 | Qualys | 2016-05-12

💬 Community (1)

Bugzilla | flash-plugin: multiple code execution issues fixed in APSB16-15 | 2016-05-11