CVE-2016-4117

CRITICAL KEV RANSOMWARE

Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion

Title source: metasploit

Description

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · osx
https://www.exploit-db.com/exploits/46339
nomisec WRITEUP 1 stars
by amit-raut · poc
https://github.com/amit-raut/CVE-2016-4117-Report
gitlab WRITEUP
by amit-raut · poc
https://gitlab.com/amit-raut/CVE-2016-4117-Report
metasploit WORKING POC GREAT
by Genwei Jiang, bcook-r7 · ruby · poc · osx
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/browser/adobe_flash_delete_range_tl_op.rb

Scores

CVSS v3 9.8
EPSS 0.9293
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-03
VulnCheck KEV 2016-05-08
InTheWild.io 2016-05-08
ENISA EUVD EUVD-2016-5118
Ransomware Use Confirmed
Status published
Products (14)
adobe/flash_player < 21.0.0.226
opensuse/evergreen 11.4
opensuse/opensuse 13.1
opensuse/opensuse 13.2
redhat/enterprise_linux_desktop 5.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_server 5.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_server_from_rhui 5.0
redhat/enterprise_linux_server_from_rhui 6.0
... and 4 more
Published May 11, 2016
KEV Added Mar 03, 2022
Tracked Since Feb 18, 2026