CVE-2016-4171

CRITICAL KEV

Adobe Flash Player <21.0.0.242 - RCE

Title source: llm

Description

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.

References (12)

Scores

CVSS v3 9.8
EPSS 0.3922
EPSS Percentile 97.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-25
VulnCheck KEV 2016-06-15
InTheWild.io 2016-06-15
ENISA EUVD EUVD-2016-5172
Status published
Products (13)
adobe/flash_player < 11.2.202.621
adobe/flash_player < 18.0.0.352
adobe/flash_player < 21.0.0.242 (3 CPE variants)
opensuse/opensuse 13.1
opensuse/opensuse 13.2
redhat/enterprise_linux_desktop 5.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_server 5.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_workstation 5.0
... and 3 more
Published Jun 16, 2016
KEV Added Mar 25, 2022
Tracked Since Feb 18, 2026