Vulnerability Details : CVE-2016-4117
Public exploit exists!
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
Vulnerability category: Execute code
Products affected by CVE-2016-4117
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
CVE-2016-4117 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Adobe Flash Player Arbitrary Code Execution Vulnerability
CISA required action: The impacted product is end-of-life and should be disconnected if still in use.
CISA description: An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2016-4117
Added on: 2022-03-03
Action due date: 2022-03-24
Exploit prediction scoring system (EPSS) score for CVE-2016-4117
EPSS score: 97.31% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~ 100 % (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2016-4117
- Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion
  Disclosure Date: 2016-04-27
  First seen: 2020-04-26
  Module: exploit/osx/browser/adobe_flash_delete_range_tl_op
  This module exploits a type confusion on Adobe Flash Player, which was originally found being successfully exploited in the wild. This module has been tested successfully on: macOS Sierra 10.12.3, Safari and Adobe Flash Player 21.0.0.182, Firefox and
CVSS scores for CVE-2016-4117
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | 2024-07-16 |
References for CVE-2016-4117
- http://rhn.redhat.com/errata/RHSA-2016-1079.html
  RHSA-2016:1079 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://www.exploit-db.com/exploits/46339/
  Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit) [Exploit; Third Party Advisory; VDB Entry]
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.html
  [security-announce] openSUSE-SU-2016:1309-1: important: Security update [Mailing List; Third Party Advisory]
- http://www.securityfocus.com/bid/90505
  Adobe Flash Player CVE-2016-4117 Unspecified Remote Code Execution Vulnerability [Broken Link; Third Party Advisory; VDB Entry]
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
  Adobe Security Bulletin [Broken Link]
- https://security.gentoo.org/glsa/201606-08
  Adobe Flash Player: Multiple vulnerabilities (GLSA 201606-08) — Gentoo security [Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
  [security-announce] SUSE-SU-2016:1305-1: important: Security update for [Mailing List; Third Party Advisory]
- https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
  Adobe Security Advisory [Broken Link; Vendor Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.html
  [security-announce] openSUSE-SU-2016:1308-1: important: Security update [Mailing List; Third Party Advisory]
- http://www.securitytracker.com/id/1035826
  Adobe Flash Player Type Confusion Flaw Lets Remote Users Execute Arbitrary Code - SecurityTracker [Broken Link; Third Party Advisory; VDB Entry]
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html
  [security-announce] openSUSE-SU-2016:1306-1: important: Security update [Mailing List; Third Party Advisory]