Detections
Analytics

CVE-2016-4117

critical

Description

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.

References

https://security.gentoo.org/glsa/201606-08

http://rhn.redhat.com/errata/RHSA-2016-1079.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html

https://www.edgescan.com/wp-content/uploads/2024/03/2023-Vulnerability-Statistics-Report.pdf

https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/

https://services.google.com/fh/files/misc/apt37-reaper-the-overlooked-north-korean-actor.pdf

https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html

http://download.microsoft.com/download/E/B/0/EB0F50CC-989C-4B66-B7F6-68CD3DC90DE3/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf

https://securelist.com/operation-daybreak/75100/

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-4117

Details

Source: Mitre, NVD

Published: 2016-05-11

Updated: 2025-10-22

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.92942