CVE-2016-4117

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.html
http://rhn.redhat.com/errata/RHSA-2016-1079.html
http://www.securityfocus.com/bid/90505
http://www.securitytracker.com/id/1035826
https://helpx.adobe.com/security/products/flash-player/apsa16-02.html	Vendor Advisory
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
https://security.gentoo.org/glsa/201606-08
https://www.exploit-db.com/exploits/46339/

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:google:chrome_os::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:microsoft:windows::::::::

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-05-11 01:59

Updated : 2023-12-10 11:46

NVD link : CVE-2016-4117

Mitre link : CVE-2016-4117

CVE.ORG link : CVE-2016-4117

JSON object : View

Products Affected

apple

mac_os_x

linux

linux_kernel

adobe

flash_player

google

chrome_os

microsoft

windows

CWE

NVD-CWE-noinfo

{"id": "CVE-2016-4117", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2016-05-11T01:59:46.137", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html", "source": "psirt@adobe.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html", "source": "psirt@adobe.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.html", "source": "psirt@adobe.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.html", "source": "psirt@adobe.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-1079.html", "source": "psirt@adobe.com"}, {"url": "http://www.securityfocus.com/bid/90505", "source": "psirt@adobe.com"}, {"url": "http://www.securitytracker.com/id/1035826", "source": "psirt@adobe.com"}, {"url": "https://helpx.adobe.com/security/products/flash-player/apsa16-02.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-15.html", "source": "psirt@adobe.com"}, {"url": "https://security.gentoo.org/glsa/201606-08", "source": "psirt@adobe.com"}, {"url": "https://www.exploit-db.com/exploits/46339/", "source": "psirt@adobe.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016."}, {"lang": "es", "value": "Adobe Flash Player 21.0.0.226 y versiones anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, seg\u00fan se ha explotado activamente en Mayo de 2016."}], "lastModified": "2019-02-12T11:29:00.267", "cisaActionDue": "2022-03-24", "cisaExploitAdd": "2022-03-03", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574"}, {"criteria": "cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5ACCACAF-7BD6-4C0A-8E6A-67E13D5E341D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"}, {"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1C74EF5-8D72-403B-AA35-F5D4FCA3BFE0", "versionEndIncluding": "21.0.0.226"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@adobe.com", "cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.", "cisaVulnerabilityName": "Adobe Flash Player Arbitrary Code Execution Vulnerability"}