CVE-2016-4171

EUVD-2016-5172
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
adobeflash_player
𝑥
≤ 11.2.202.621
adobeflash_player
𝑥
≤ 21.0.0.242
adobeflash_player
𝑥
≤ 21.0.0.242
adobeflash_player
𝑥
≤ 21.0.0.242
adobeflash_player
𝑥
≤ 18.0.0.352
adobeflash_player
𝑥
≤ 21.0.0.242
adobeflash_player
𝑥
≤ 21.0.0.242
redhatenterprise_linux_desktop
5.0
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_server
5.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_workstation
5.0
redhatenterprise_linux_workstation
6.0
opensuseopensuse
13.1
opensuseopensuse
13.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
adobe-flashplugin
precise
Fixed 1:20160616.1-0ubuntu0.12.04.1
released
trusty
Fixed 1:20160616.1-0ubuntu0.14.04.1
released
wily
Fixed 1:20160616.1-0ubuntu0.15.10.1
released
xenial
Fixed 1:20160616.1-0ubuntu0.16.04.1
released
flashplugin-nonfree
precise
Fixed 11.2.202.626ubuntu0.12.04.1
released
trusty
Fixed 11.2.202.626ubuntu0.14.04.1
released
wily
Fixed 11.2.202.626ubuntu0.15.10.1
released
xenial
Fixed 11.2.202.626ubuntu0.16.04.1
released
References
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html
http://www.securityfocus.com/bid/91184
http://www.securitytracker.com/id/1036094
https://access.redhat.com/errata/RHSA-2016:1238
https://helpx.adobe.com/security/products/flash-player/apsa16-03.html
https://helpx.adobe.com/security/products/flash-player/apsb16-18.html
https://security.gentoo.org/glsa/201606-08
https://www.kb.cert.org/vuls/id/748992
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html
http://www.securityfocus.com/bid/91184
http://www.securitytracker.com/id/1036094
https://access.redhat.com/errata/RHSA-2016:1238
https://helpx.adobe.com/security/products/flash-player/apsa16-03.html
https://helpx.adobe.com/security/products/flash-player/apsb16-18.html
https://security.gentoo.org/glsa/201606-08
https://www.kb.cert.org/vuls/id/748992
https://github.com/cisagov/vulnrichment/issues/196
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-4171