CVE-2016-4117 - Vulnerability Details

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since March 3, 2022.

Exploitation active

Automatable yes

Technical Impact total

Vendors	Products
Adobe	Flash Player
Opensuse	Evergreen Opensuse
Redhat	Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server From Rhui Enterprise Linux Workstation Rhel Extras
Suse	Linux Enterprise Desktop Linux Enterprise Workstation Extension

Configuration 1 [-]

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:opensuse:evergreen:11.4:::::::*
	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:12:-::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-::::::
	cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5 Supplementary
flash-plugin-0:11.2.202.621-1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2016:1079	2016-05-13T00:00:00Z
Red Hat Enterprise Linux 6 Supplementary
flash-plugin-0:11.2.202.621-1.el6_8	cpe:/a:redhat:rhel_extras:6	RHSA-2016:1079	2016-05-13T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.html
http://rhn.redhat.com/errata/RHSA-2016-1079.html
http://www.securityfocus.com/bid/90505
http://www.securitytracker.com/id/1035826
https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
https://nvd.nist.gov/vuln/detail/CVE-2016-4117
https://security.gentoo.org/glsa/201606-08
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2016-4117
https://www.exploit-db.com/exploits/46339/

History

Tue, 04 Feb 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-03-03'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 14 Aug 2024 00:00:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2016-05-11T01:00:00.000Z

Updated: 2025-02-04T21:45:17.292Z

Reserved: 2016-04-27T00:00:00.000Z

Link: CVE-2016-4117

Vulnrichment

Updated: 2024-08-06T00:17:30.984Z

NVD

Status : Deferred

Published: 2016-05-11T01:59:46.137

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-4117

Redhat

Severity : Critical

Publid Date: 2016-05-10T00:00:00Z

Links: CVE-2016-4117 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-10T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-02-12T10:57:01.000Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"name": "GLSA-201606-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201606-08"}, {"name": "openSUSE-SU-2016:1309", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.html"}, {"name": "SUSE-SU-2016:1305", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html"}, {"name": "1035826", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035826"}, {"name": "46339", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/46339/"}, {"name": "openSUSE-SU-2016:1306", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html"}, {"name": "openSUSE-SU-2016:1308", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html"}, {"name": "90505", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/90505"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://helpx.adobe.com/security/products/flash-player/apsa16-02.html"}, {"name": "RHSA-2016:1079", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1079.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2016-4117", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201606-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201606-08"}, {"name": "openSUSE-SU-2016:1309", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.html"}, {"name": "SUSE-SU-2016:1305", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html"}, {"name": "1035826", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035826"}, {"name": "46339", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/46339/"}, {"name": "openSUSE-SU-2016:1306", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html"}, {"name": "openSUSE-SU-2016:1308", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.html"}, {"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html"}, {"name": "90505", "refsource": "BID", "url": "http://www.securityfocus.com/bid/90505"}, {"name": "https://helpx.adobe.com/security/products/flash-player/apsa16-02.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/flash-player/apsa16-02.html"}, {"name": "RHSA-2016:1079", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1079.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:17:30.984Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201606-08", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201606-08"}, {"name": "openSUSE-SU-2016:1309", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.html"}, {"name": "SUSE-SU-2016:1305", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html"}, {"name": "1035826", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035826"}, {"name": "46339", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/46339/"}, {"name": "openSUSE-SU-2016:1306", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html"}, {"name": "openSUSE-SU-2016:1308", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html"}, {"name": "90505", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/90505"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://helpx.adobe.com/security/products/flash-player/apsa16-02.html"}, {"name": "RHSA-2016:1079", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1079.html"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2016-4117", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-04T21:35:26.284827Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-03-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-4117"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T21:45:17.292Z"}}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2016-4117", "datePublished": "2016-05-11T01:00:00.000Z", "dateReserved": "2016-04-27T00:00:00.000Z", "dateUpdated": "2025-02-04T21:45:17.292Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.gentoo.org/glsa/201606-08", "name": "GLSA-201606-08", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.html", "name": "openSUSE-SU-2016:1309", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html", "name": "SUSE-SU-2016:1305", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://www.securitytracker.com/id/1035826", "name": "1035826", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/46339/", "name": "46339", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html", "name": "openSUSE-SU-2016:1306", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.html", "name": "openSUSE-SU-2016:1308", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/90505", "name": "90505", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "https://helpx.adobe.com/security/products/flash-player/apsa16-02.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1079.html", "name": "RHSA-2016:1079", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:17:30.984Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2016-4117", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-04T21:35:26.284827Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-03-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-4117"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T21:35:33.315Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-10T00:00:00.000Z", "references": [{"url": "https://security.gentoo.org/glsa/201606-08", "name": "GLSA-201606-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.html", "name": "openSUSE-SU-2016:1309", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html", "name": "SUSE-SU-2016:1305", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://www.securitytracker.com/id/1035826", "name": "1035826", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "https://www.exploit-db.com/exploits/46339/", "name": "46339", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html", "name": "openSUSE-SU-2016:1306", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.html", "name": "openSUSE-SU-2016:1308", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.securityfocus.com/bid/90505", "name": "90505", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "https://helpx.adobe.com/security/products/flash-player/apsa16-02.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1079.html", "name": "RHSA-2016:1079", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2019-02-12T10:57:01.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://security.gentoo.org/glsa/201606-08", "name": "GLSA-201606-08", "refsource": "GENTOO"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.html", "name": "openSUSE-SU-2016:1309", "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html", "name": "SUSE-SU-2016:1305", "refsource": "SUSE"}, {"url": "http://www.securitytracker.com/id/1035826", "name": "1035826", "refsource": "SECTRACK"}, {"url": "https://www.exploit-db.com/exploits/46339/", "name": "46339", "refsource": "EXPLOIT-DB"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html", "name": "openSUSE-SU-2016:1306", "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.html", "name": "openSUSE-SU-2016:1308", "refsource": "SUSE"}, {"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html", "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html", "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/90505", "name": "90505", "refsource": "BID"}, {"url": "https://helpx.adobe.com/security/products/flash-player/apsa16-02.html", "name": "https://helpx.adobe.com/security/products/flash-player/apsa16-02.html", "refsource": "CONFIRM"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1079.html", "name": "RHSA-2016:1079", "refsource": "REDHAT"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-4117", "STATE": "PUBLIC", "ASSIGNER": "psirt@adobe.com"}}}}, "cveMetadata": {"cveId": "CVE-2016-4117", "state": "PUBLISHED", "dateUpdated": "2025-02-04T21:45:17.292Z", "dateReserved": "2016-04-27T00:00:00.000Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2016-05-11T01:00:00.000Z", "assignerShortName": "adobe"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-03-24", "cisaExploitAdd": "2022-03-03", "cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.", "cisaVulnerabilityName": "Adobe Flash Player Arbitrary Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1C74EF5-8D72-403B-AA35-F5D4FCA3BFE0", "versionEndIncluding": "21.0.0.226", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8821E5FE-319D-40AB-A515-D56C1893E6F8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AE981D4-0CA1-46FA-8E91-E1A4D5B31383", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "CCE4D64E-8C4B-4F21-A9B0-90637C85C1D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*", "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*", "matchCriteriaId": "028ABA8F-4E7B-4CD0-B6FC-3A0941E254BA", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*", "matchCriteriaId": "ED540469-C4DD-485D-9B89-6877B2A74217", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016."}, {"lang": "es", "value": "Adobe Flash Player 21.0.0.226 y versiones anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, seg\u00fan se ha explotado activamente en Mayo de 2016."}], "id": "CVE-2016-4117", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2016-05-11T01:59:46.137", "references": [{"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html"}, {"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html"}, {"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.html"}, {"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1079.html"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/90505"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1035826"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/flash-player/apsa16-02.html"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201606-08"}, {"source": "psirt@adobe.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46339/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1079.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/90505"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1035826"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/flash-player/apsa16-02.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201606-08"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46339/"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:1079", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "flash-plugin-0:11.2.202.621-1.el5", "product_name": "Red Hat Enterprise Linux 5 Supplementary", "release_date": "2016-05-13T00:00:00Z"}, {"advisory": "RHSA-2016:1079", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "flash-plugin-0:11.2.202.621-1.el6_8", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2016-05-13T00:00:00Z"}], "bugzilla": {"description": "flash-plugin: multiple code execution issues fixed in APSB16-15", "id": "1335058", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335058"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016."], "name": "CVE-2016-4117", "public_date": "2016-05-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-4117\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4117\nhttps://helpx.adobe.com/security/products/flash-player/apsa16-02.html\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-15.html\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Critical"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object