CVE-2016-4117

CRITICAL KEV RANSOMWARE

Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion

Title source: metasploit

Description

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.

Exploits (4)

nomisec WRITEUP 1 stars

by amit-raut · poc

https://github.com/amit-raut/CVE-2016-4117-Report

View Code ZIP pw:eip

gitlab WRITEUP

by amit-raut · poc

https://gitlab.com/amit-raut/CVE-2016-4117-Report

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremoteosx

https://www.exploit-db.com/exploits/46339

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by Genwei Jiang, bcook-r7 · rubypocosx

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/browser/adobe_flash_delete_range_tl_op.rb

View Code ZIP pw:eip

References (13)

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2016-1079.html

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/90505

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1035826

[Broken Link, Vendor Advisory] https://helpx.adobe.com/security/products/flash-player/apsa16-02.html

[Broken Link] https://helpx.adobe.com/security/products/flash-player/apsb16-15.html

[Third Party Advisory] https://security.gentoo.org/glsa/201606-08

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/46339/

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-4117

[Issue Tracking] https://github.com/cisagov/vulnrichment/issues/196

Scores

CVSS v3 9.8

EPSS 0.9305

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2022-03-03

VulnCheck KEV 2016-05-08

InTheWild.io 2016-05-08

ENISA EUVD EUVD-2016-5118

Ransomware Use Confirmed

Classification

Status draft

Affected Products (16)

adobe/flash_player < 21.0.0.226

redhat/enterprise_linux_desktop

redhat/enterprise_linux_server

redhat/enterprise_linux_server_from_rhui

redhat/enterprise_linux_workstation

opensuse/evergreen

opensuse/opensuse

suse/linux_enterprise_desktop

suse/linux_enterprise_workstation_extension

... and 1 more

Timeline

Published May 11, 2016

KEV Added Mar 03, 2022

Tracked Since Feb 18, 2026