CVE-2016-4171
critical-risk
Published 2016-06-16
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.
Do I need to act?
!
56.5% chance of exploitation in next 30 days
EPSS score — higher than 44% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (17)
References (22)
Third Party Advisory
http://www.securityfocus.com/bid/91184
Third Party Advisory
http://www.securitytracker.com/id/1036094
Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1238
Third Party Advisory
https://security.gentoo.org/glsa/201606-08
Third Party Advisory
https://www.kb.cert.org/vuls/id/748992
Third Party Advisory
http://www.securityfocus.com/bid/91184
Third Party Advisory
http://www.securitytracker.com/id/1036094
Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1238
Third Party Advisory
https://security.gentoo.org/glsa/201606-08
Third Party Advisory
https://www.kb.cert.org/vuls/id/748992
and 2 more references
76
/ 100
critical-risk
Severity
32/34 · Critical
Exploitability
25/34 · High
Exposure
19/34 · Moderate