CVE-2016-4138

critical-risk
Published 2016-06-16

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Do I need to act?

!
60.7% chance of exploitation in next 30 days
EPSS score — higher than 39% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
40090
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (19)

Affected Vendors

Suse Redhat Opensuse Adobe

References (16)

Broken Link http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Broken Link http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html
Broken Link http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html
Third Party Advisory http://www.securitytracker.com/id/1036117
Third Party Advisory https://access.redhat.com/errata/RHSA-2016:1238
Patch https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-08...
Vendor Advisory https://helpx.adobe.com/security/products/flash-player/apsb16-18.html
Exploit https://www.exploit-db.com/exploits/40090/
Broken Link http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html
Broken Link http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html
Broken Link http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html
Third Party Advisory http://www.securitytracker.com/id/1036117
Third Party Advisory https://access.redhat.com/errata/RHSA-2016:1238
Patch https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-08...
Vendor Advisory https://helpx.adobe.com/security/products/flash-player/apsb16-18.html
Exploit https://www.exploit-db.com/exploits/40090/
77
/ 100
critical-risk
Severity 32/34 · Critical
Exploitability 26/34 · High
Exposure 19/34 · Moderate