CVE-2016-4171: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

KEVITW

CISA Known Exploited Vulnerabilitydue 2022-04-15

Exploited in the wild

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.

Affected

13 ranges

Vendor	Product	Version range	Fixed in
adobe	flash_player	<= 11.2.202.621	—
adobe	flash_player	<= 21.0.0.242	—
adobe	flash_player	<= 18.0.0.352	—
opensuse	opensuse	—	—
opensuse	opensuse	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_workstation	—	—
redhat	enterprise_linux_workstation	—	—
suse	linux_enterprise_desktop	—	—
suse	linux_enterprise_workstation_extension	—	—

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL

vulncheck9.8CRITICAL

cisa9.8CRITICAL