CVE-2016-4171

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2016-4171
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html Mailing List Third Party Advisory
http://www.securityfocus.com/bid/91184 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1036094 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2016:1238 Third Party Advisory
https://helpx.adobe.com/security/products/flash-player/apsa16-03.html Vendor Advisory
https://helpx.adobe.com/security/products/flash-player/apsb16-18.html Vendor Advisory
https://security.gentoo.org/glsa/201606-08 Third Party Advisory
https://www.kb.cert.org/vuls/id/748992 Third Party Advisory US Government Resource
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html Mailing List Third Party Advisory
http://www.securityfocus.com/bid/91184 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1036094 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2016:1238 Third Party Advisory
https://helpx.adobe.com/security/products/flash-player/apsa16-03.html Vendor Advisory
https://helpx.adobe.com/security/products/flash-player/apsb16-18.html Vendor Advisory
https://security.gentoo.org/glsa/201606-08 Third Party Advisory
https://www.kb.cert.org/vuls/id/748992 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*

Configuration 5 (hide)

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:*
OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
OR cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*

Configuration 7 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 8 (hide)

OR cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*
History

14 Feb 2025, 16:12

Type Values Removed Values Added
CPE cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Information

Published : 2016-06-16 14:59

Updated : 2025-04-12 10:46

NVD link : CVE-2016-4171

Mitre link : CVE-2016-4171

CVE.ORG link : CVE-2016-4171

JSON object : View

Products Affected

opensuse

  • opensuse

redhat

  • enterprise_linux_workstation
  • enterprise_linux_desktop
  • enterprise_linux_server

adobe

  • flash_player

google

  • chrome_os

suse

  • linux_enterprise_desktop
  • linux_enterprise_workstation_extension

apple

  • macos
  • mac_os_x

microsoft

  • windows_8.1
  • windows_10
  • windows

linux

  • linux_kernel
CWE
NVD-CWE-noinfo