Vulnerability Details : CVE-2016-4117
Public exploit exists!
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
Vulnerability category: Execute code
CVE-2016-4117 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Adobe Flash Player Arbitrary Code Execution Vulnerability
CISA required action:
The impacted product is end-of-life and should be disconnected if still in use.
CISA description:
An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.
Added on: 2022-03-03
Action due date: 2022-03-24
Exploit prediction scoring system (EPSS) score for CVE-2016-4117
Probability of exploitation activity in the next 30 days: 97.37%
Percentile (the proportion of vulnerabilities scored at or below this value): ~100%
Metasploit modules for CVE-2016-4117
- Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion
  Disclosure Date: 2016-04-27
  First seen: 2020-04-26
  Module: exploit/osx/browser/adobe_flash_delete_range_tl_op
  Description: This module exploits a type confusion on Adobe Flash Player, which was originally found being successfully exploited in the wild. This module has been tested successfully on: macOS Sierra 10.12.3, Safari and Adobe Flash Player 21.0.0.182, Firefox and
CVSS scores for CVE-2016-4117
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST
References for CVE-2016-4117
- http://rhn.redhat.com/errata/RHSA-2016-1079.html (RHSA-2016:1079 - Security Advisory - Red Hat Customer Portal)
- https://www.exploit-db.com/exploits/46339/ (Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit))
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.html ([security-announce] openSUSE-SU-2016:1309-1: important: Security update)
- http://www.securityfocus.com/bid/90505 (Adobe Flash Player CVE-2016-4117 Unspecified Remote Code Execution Vulnerability)
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html (Adobe Security Bulletin)
- https://security.gentoo.org/glsa/201606-08 (Adobe Flash Player: Multiple vulnerabilities (GLSA 201606-08) - Gentoo security)
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html ([security-announce] SUSE-SU-2016:1305-1: important: Security update for)
- https://helpx.adobe.com/security/products/flash-player/apsa16-02.html (Adobe Security Advisory; Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.html ([security-announce] openSUSE-SU-2016:1308-1: important: Security update)
- http://www.securitytracker.com/id/1035826 (Adobe Flash Player Type Confusion Flaw Lets Remote Users Execute Arbitrary Code - SecurityTracker)
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html ([security-announce] openSUSE-SU-2016:1306-1: important: Security update)
Products affected by CVE-2016-4117
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)