⚠ Actively exploited

Added to CISA KEV on 2022-03-25. Federal agencies required to patch by 2022-04-15. Required action: The impacted product is end-of-life and should be disconnected if still in use..

CVE-2016-4171

12 documents10 sources

Severity

9.8CRITICAL

EPSS

56.5%

top 1.88%

CISA KEV

KEV

Added 2022-03-25

Due 2022-04-15

Exploit

Exploited in wild

Active exploitation observed

Affected products

Adobe Flash Player Opensuse Opensuse Redhat Enterprise Linux Desktop +4 more

Timeline

PublishedJun 16

KEV addedMar 25

KEV dueApr 15

Latest updateMay 13

CISA Required Action: The impacted product is end-of-life and should be disconnected if still in use.

Description

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

▶NVDadobe/flash_player11.2.202.621+2

▶Ubuntuflashplugin-nonfree< 11.2.202.626ubuntu0.14.04.1+1

▶NVDopensuse/opensuse13.1, 13.2+1

▶NVDsuse/linux_enterprise_desktop12

▶NVDredhat/enterprise_linux_server5.0, 6.0+1

🔴Vulnerability Details

GHSA

GHSA-mgfm-9xxf-m8pm: Unspecified vulnerability in Adobe Flash Player 21↗2022-05-13

▶

OSV

CVE-2016-4171: Unspecified vulnerability in Adobe Flash Player 21↗2016-06-16

▶

CVEList

CVE-2016-4171: Unspecified vulnerability in Adobe Flash Player 21↗2016-06-16

▶

VulnCheck

Adobe Flash Player Remote Code Execution Vulnerability↗2016

▶

📋Vendor Advisories

CISA

Adobe Flash Player Remote Code Execution Vulnerability↗2022-03-25

▶

Red Hat

flash-plugin: multiple code execution issues fixed in APSB16-18↗2016-06-14

▶

🕵️Threat Intelligence

Qualys

Patch Tuesday June 2016 | Qualys↗2016-06-14

▶

Qualys

Patch Tuesday June 2016 | Qualys↗2016-06-14

▶

💬Community

Bugzilla

flash-plugin: multiple code execution issues fixed in APSB16-18↗2016-06-15

▶