CVE-2016-4108

high-risk
Published 2016-05-11

Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

Do I need to act?

!
65.6% chance of exploitation in next 30 days
EPSS score — higher than 34% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
39830
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / HIGH complexity

Affected Products (4)

Affected Vendors

Adobe Microsoft

References (14)

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
http://packetstormsecurity.com/files/137058/Adobe-Flash-addProperty-Use-After-Fr...
http://rhn.redhat.com/errata/RHSA-2016-1079.html
http://www.securitytracker.com/id/1035827
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-06...
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
https://www.exploit-db.com/exploits/39830/
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
http://packetstormsecurity.com/files/137058/Adobe-Flash-addProperty-Use-After-Fr...
http://rhn.redhat.com/errata/RHSA-2016-1079.html
http://www.securitytracker.com/id/1035827
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-06...
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
https://www.exploit-db.com/exploits/39830/
58
/ 100
high-risk
Severity 22/34 · High
Exploitability 26/34 · High
Exposure 10/34 · Low