← back
CVE-2016-4117

CVE-2016-4117

CVSS 7.8 HIGHEPSS 94.4%● KEV
Vexday Risk Score
100Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8EPSS 94.4%KEV simPoC públicaNuclei Metasploit simPatch referenciado
Lifecycle
27 Apr 2016Metasploit module available
11 May 2016Published on NVD
23 Feb 2017Public PoC
03 Mar 2022Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
Who exploits it1

Groups known to exploit this vulnerability (MITRE ATT&CK attribution).

APT / StateAPT37Coreia do Norte
In short

Adobe Flash Player versions up to 21.0.0.226 contain a vulnerability that allows attackers to run malicious code on a user's computer. This flaw was actively exploited by criminals in May 2016, making it a critical security threat.

Technical detail

A remote code execution vulnerability exists in Adobe Flash Player 21.0.0.226 and earlier through unspecified attack vectors. The vulnerability was actively exploited in the wild in May 2016, indicating high practical exploitability and demonstrating arbitrary code execution capability on affected systems.

Summary generated and translated by AI from the official description.
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found3
githubgithub.com/amit-raut/CVE-2016-4117-Report1exploitdbwww.exploit-db.com/exploits/46339unverifiedcve_referencewww.exploit-db.com/exploits/46339/unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.htmlhttp://rhn.redhat.com/errata/RHSA-2016-1079.htmlhttps://github.com/cisagov/vulnrichment/issues/196https://helpx.adobe.com/security/products/flash-player/apsa16-02.htmlhttps://helpx.adobe.com/security/products/flash-player/apsb16-15.htmlhttps://security.gentoo.org/glsa/201606-08https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-4117https://www.exploit-db.com/exploits/46339/http://www.securityfocus.com/bid/90505