VDB
CVE-2016-4171
CVE-2016-4171
PUBLISHED
KEV
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.
EPSS 44.17% · 97.6th percentile
Risk Scores
EPSS Score
44.17%
97.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | flashplugin-nonfree | 0, 11.2.202.327ubuntu0.13.10.1, 11.2.202.341ubuntu1 |
| Ubuntu:16.04:LTS | flashplugin-nonfree | 0, 11.2.202.540ubuntu2, 11.2.202.548ubuntu1 |
Exploit Intelligence
- APT37 (misp-galaxy)
- APT37 (misp-galaxy)
- APT37 (misp-galaxy)
- APT37 (misp-galaxy)
- APT37 (misp-galaxy)
- APT37 (misp-galaxy)
- APT37 (misp-galaxy)
- APT37 (misp-galaxy)
- Memory corruption in ExecPolicy metadata parsing (Adobe Flash) (gpz)
- Memory corruption in ExecPolicy metadata parsing (Adobe Flash) (gpz)
…and 18 more exploits
Timeline
- Jun 15, 2016 CVE Published
- Jun 15, 2016 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 25, 2022 CISA KEV Added
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Oct 10, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-4171 third-party-advisory
- https://helpx.adobe.com/security/products/flash-player/apsa16-03.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-4171 third-party-advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog third-party-advisory
- Vulnérabilité dans Adobe Flash Player advisory