CVE-2016-4117

critical-risk
Published 2016-05-11

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.

Do I need to act?

!
93.1% chance of exploitation in next 30 days
EPSS score — higher than 7% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
1 public exploit available
46339
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (16)

Affected Vendors

Adobe Suse Opensuse Redhat

References (24)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.html
Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-1079.html
Broken Link http://www.securityfocus.com/bid/90505
Broken Link http://www.securitytracker.com/id/1035826
Broken Link https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
Broken Link https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
Third Party Advisory https://security.gentoo.org/glsa/201606-08
Exploit https://www.exploit-db.com/exploits/46339/
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.html
Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-1079.html
Broken Link http://www.securityfocus.com/bid/90505
Broken Link http://www.securitytracker.com/id/1035826
Broken Link https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
Broken Link https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
and 4 more references
84
/ 100
critical-risk
Severity 32/34 · Critical
Exploitability 34/34 · Critical
Exposure 18/34 · Moderate