CVE-2016-4171

critical

Description

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.

References

https://www.kb.cert.org/vuls/id/748992

https://security.gentoo.org/glsa/201606-08

https://access.redhat.com/errata/RHSA-2016:1238

http://www.securitytracker.com/id/1036094

http://www.securityfocus.com/bid/91184

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html

https://www.tenable.com/blog/analyzing-the-vulnerabilities-associated-with-the-top-malware-strains-of-2021

https://helpx.adobe.com/security/products/flash-player/apsb16-18.html

https://helpx.adobe.com/security/products/flash-player/apsa16-03.html

Details

Source: Mitre, NVD

Published: 2016-06-16

Updated: 2025-04-12

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H