CVE-2016-4138

CRITICAL

Adobe Flash Player <21.0.0.242 - Unknown Vuln

Title source: llm

Description

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/40090

View Code ZIP pw:eip

References (8)

[Broken Link, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html

[Broken Link, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html

[Broken Link, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036117

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2016:1238

[Patch, Third Party Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083

[Vendor Advisory] https://helpx.adobe.com/security/products/flash-player/apsb16-18.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/40090/

Scores

CVSS v3 9.8

EPSS 0.6071

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (15)

adobe/flash_player

adobe/flash_player < 11.2.202.621

adobe/flash_player < 18.0.0.352

adobe/flash_player < 21.0.0.242 (3 CPE variants)

adobe/flash_player_desktop_runtime < 21.0.0.242

opensuse/opensuse 13.1

opensuse/opensuse 13.2

redhat/enterprise_linux_desktop 5.0

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_server 5.0

... and 5 more

Published Jun 16, 2016

Tracked Since Feb 18, 2026