CVE-2016-4171

CRITICAL KEV

Adobe Flash Player <21.0.0.242 - RCE

Title source: llm

Exploitation Summary

CVE-2016-4171 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 25, 2022.

Description

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.

References (12)

Core 12

Core References

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201606-08

Vendor Advisory x_refsource_confirm

https://helpx.adobe.com/security/products/flash-player/apsa16-03.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

https://www.kb.cert.org/vuls/id/748992

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2016:1238

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1036094

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/91184

Vendor Advisory x_refsource_confirm

https://helpx.adobe.com/security/products/flash-player/apsb16-18.html

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-4171

Issue Tracking

https://github.com/cisagov/vulnrichment/issues/196

Scores

CVSS v3 9.8

EPSS 0.4416

EPSS Percentile 97.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2022-03-25

VulnCheck KEV 2016-06-15

InTheWild.io 2016-06-15

ENISA EUVD EUVD-2016-5172

Status published

Products (13)

adobe/flash_player < 11.2.202.621

adobe/flash_player < 18.0.0.352

adobe/flash_player < 21.0.0.242 (3 CPE variants)

opensuse/opensuse 13.1

opensuse/opensuse 13.2

redhat/enterprise_linux_desktop 5.0

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_server 5.0

redhat/enterprise_linux_server 6.0

redhat/enterprise_linux_workstation 5.0

... and 3 more

Published Jun 16, 2016

KEV Added Mar 25, 2022

Tracked Since Feb 18, 2026