CVE-2016-4171

CRITICAL KEV

Adobe Flash Player <21.0.0.242 - RCE

Title source: llm

Description

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.

References (12)

Scores

CVSS v3 9.8
EPSS 0.5054
EPSS Percentile 97.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2022-03-25
VulnCheck KEV 2016-06-15
InTheWild.io 2016-06-15
ENISA EUVD EUVD-2016-5172

Classification

Status draft

Affected Products (17)

adobe/flash_player < 11.2.202.621
adobe/flash_player < 21.0.0.242
adobe/flash_player < 21.0.0.242
adobe/flash_player < 18.0.0.352
adobe/flash_player < 21.0.0.242
redhat/enterprise_linux_desktop
redhat/enterprise_linux_desktop
redhat/enterprise_linux_server
redhat/enterprise_linux_server
redhat/enterprise_linux_workstation
redhat/enterprise_linux_workstation
opensuse/opensuse
opensuse/opensuse
suse/linux_enterprise_desktop
suse/linux_enterprise_desktop
... and 2 more

Timeline

Published Jun 16, 2016
KEV Added Mar 25, 2022
Tracked Since Feb 18, 2026