Vulnerability CVE-2016-4117

Vulnerability Name:

CVE-2016-4117 (CCN-113060)

Assigned:

2016-05-10

Published:

2016-05-10

Updated:

2019-02-12

Summary:

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.1 Critical (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
8.2 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2016-4117

Source: SUSE
Type: UNKNOWN
SUSE-SU-2016:1305

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:1306

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:1308

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:1309

Source: CCN
Type: RHSA-2016-1079
Critical: flash-plugin security update

Source: REDHAT
Type: UNKNOWN
RHSA-2016:1079

Source: BID
Type: UNKNOWN
90505

Source: CCN
Type: BID-90505
Adobe Flash Player CVE-2016-4117 Unspecified Remote Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1035826

Source: XF
Type: UNKNOWN
adobe-flash-cve20164117-code-exec(113060)

Source: CCN
Type: Adobe Security Bulletin APSA16-02
Security Advisory for Adobe Flash Player

Source: CONFIRM
Type: Vendor Advisory
https://helpx.adobe.com/security/products/flash-player/apsa16-02.html

Source: CONFIRM
Type: UNKNOWN
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html

Source: CCN
Type: Packet Storm Security [02-09-2019]
Adobe Flash Player DeleteRangeTimelineOperation Type Confusion

Source: GENTOO
Type: UNKNOWN
GLSA-201606-08

Source: CCN
Type: CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCY
KNOWN EXPLOITED VULNERABILITIES CATALOG

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [02-11-2019]

Source: EXPLOIT-DB
Type: UNKNOWN
46339

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-4117

Vulnerable Configuration:

Configuration 1:

cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:*

OR cpe:/o:google:chrome_os:*:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

AND

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 21.0.0.226)

Configuration CCN 1:

cpe:/a:adobe:flash_player:21.0.0.226:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:21.0.0.213:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player_for_linux:11.2.202.616:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:21.0.0.226:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux_server_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8:-:-:-:*:-:-:x32:*

OR cpe:/o:microsoft:windows_8:::~~~~x64~:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:*

OR cpe:/o:microsoft:windows_8.1:::~~~~x64~:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20164117	V	CVE-2016-4117	2022-05-20
oval:org.opensuse.security:def:55942	P	Security update for aspell (Important)	2021-08-25
oval:org.opensuse.security:def:46987	P	libQt5WebKit5-5.6.1-9.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47299	P	kdump-0.8.16-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47291	P	iputils-s20121221-2.17 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47071	P	libraptor2-0-2.0.10-3.63 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47050	P	libmspack0-0.4-14.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47133	P	procmail-3.22-267.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47937	P	DirectFB-1.7.1-6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47362	P	libjavascriptcoregtk-4_0-18-2.12.5-1.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47134	P	python-2.7.9-24.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47197	P	accountsservice-0.6.42-14.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47991	P	dhcp-4.3.3-10.16.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47196	P	aaa_base-13.2+git20140911.61c1681-36.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48000	P	elfutils-0.158-7.7.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47228	P	crash-7.1.8-3.9 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47260	P	gdk-pixbuf-lang-2.34.0-18.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48054	P	java-1_8_0-openjdk-1.8.0.222-27.35.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:11700	P	puppet-3.6.2-3.62 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12382	P	xorg-x11-server-7.6_1.18.3-71.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12586	P	libnetpbm11-10.66.3-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11627	P	libneon27-0.30.0-3.65 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46403	P	cyrus-sasl-2.1.26-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46836	P	rpm-32bit-4.11.2-10.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11558	P	hyper-v-6-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11409	P	libtiff5-32bit-4.0.3-9.78 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11765	P	bash-4.3-78.39 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11709	P	radvd-1.9.7-2.17 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11926	P	libpolkit0-0.113-5.6.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12608	P	libprocps3-3.3.9-11.14.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46535	P	mipv6d-2.0.2.umip.0.4-19.63 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46466	P	libXv1-1.0.10-3.56 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11477	P	xalan-j2-2.7.0-264.133 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11633	P	libpng15-15-1.5.22-2.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11431	P	pam_krb5-2.4.4-4.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11784	P	curl-7.37.0-28.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11635	P	libpolkit0-0.113-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11722	P	sudo-1.8.10p3-1.62 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11935	P	libraw9-0.15.4-3.88 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46626	P	bzip2-1.0.6-27.1129 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46598	P	xlockmore-5.43-5.30 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11524	P	ecryptfs-utils-103-5.35 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11658	P	libtiff5-32bit-4.0.4-12.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11703	P	python-imaging-1.1.7-21.15 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11859	P	libXi6-1.7.4-9.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11657	P	libtasn1-3.7-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12360	P	telepathy-gabble-0.18.3-5.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11401	P	libsmi-0.4.8-18.63 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11948	P	libssh4-0.6.3-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46773	P	libspice-client-glib-2_0-8-0.29-1.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46689	P	kernel-default-3.12.49-11.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11539	P	gdk-pixbuf-lang-2.30.6-1.23 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11750	P	yast2-3.1.155-1.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11884	P	libgadu3-1.11.4-1.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:55868	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important)	2021-03-17
oval:org.opensuse.security:def:24456	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:53522	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:52843	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:53642	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:54307	P	librpcsecgss3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25150	P	Security update for ovmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:46274	P	Security update for libexif (Moderate)	2020-12-01
oval:org.opensuse.security:def:25169	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:46154	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:54247	P	libXt6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55716	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:54399	P	wdiff on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53068	P	Security update for the Linux Azure Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:24663	P	Security update for qemu (Moderate)	2020-12-01
oval:org.opensuse.security:def:25005	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:24645	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:25015	P	Security update for ghostscript (Moderate)	2020-12-01
oval:org.opensuse.security:def:53005	P	Security update for libexif (Moderate)	2020-12-01
oval:org.opensuse.security:def:53688	P	Security update for libqt5-qtbase (Important)	2020-12-01
oval:org.opensuse.security:def:52865	P	Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:53748	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:53069	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25788	P	Security update for zeromq (Moderate)	2020-12-01
oval:org.opensuse.security:def:24383	P	Security update for openssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:25213	P	Security update for ntp (Moderate)	2020-12-01
oval:org.opensuse.security:def:54285	P	libmpfr4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54473	P	gdk-pixbuf-lang on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24719	P	Security update for dovecot22 (Important)	2020-12-01
oval:org.opensuse.security:def:46077	P	Security update for xerces-c (Moderate)	2020-12-01
oval:org.opensuse.security:def:24726	P	Security update for java-1_8_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25068	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:53243	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:53973	P	glibc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53231	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:53914	P	Security update for bluez (Important)	2020-12-01
oval:org.opensuse.security:def:53091	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25092	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25823	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:46078	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:25851	P	Security update for freerdp (Moderate)	2020-12-01
oval:org.opensuse.security:def:24446	P	Security update for apache2-mod_jk (Important)	2020-12-01
oval:org.opensuse.security:def:54366	P	python-libxml2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54511	P	libHX28 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24802	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:24393	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:24782	P	Security update for opensc (Low)	2020-12-01
oval:org.opensuse.security:def:46140	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:53416	P	Security update for nodejs8 (Important)	2020-12-01
oval:org.opensuse.security:def:54081	P	libzmq3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53469	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:54199	P	fuse on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46211	P	Security update for nfs-utils (Moderate)	2020-12-01
oval:org.opensuse.security:def:25106	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:46091	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25155	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25886	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:46141	P	Security update for ppp (Important)	2020-12-01
oval:org.opensuse.security:def:54173	P	cups on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55642	P	Security update for libmspack (Moderate)	2020-12-01
oval:org.opensuse.security:def:52842	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:54592	P	libpulse-mainloop-glib0-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24582	P	Security update for apache2-mod_perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:24952	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:24519	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:24865	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (Important)	2020-12-01
oval:org.cisecurity:def:513	V	Adobe Flash Player Remote Code Execution Vulnerability - CVE-2016-4117	2016-06-13
oval:org.opensuse.security:def:78350	P	Security update for flash-player (Important)	2016-05-16
oval:org.opensuse.security:def:78576	P	Security update for flash-player (Important)	2016-05-16
oval:com.ubuntu.xenial:def:201641170000000	V	CVE-2016-4117 on Ubuntu 16.04 LTS (xenial) - medium.	2016-05-11
oval:com.ubuntu.precise:def:20164117000	V	CVE-2016-4117 on Ubuntu 12.04 LTS (precise) - medium.	2016-05-10
oval:com.ubuntu.trusty:def:20164117000	V	CVE-2016-4117 on Ubuntu 14.04 LTS (trusty) - medium.	2016-05-10
oval:com.ubuntu.xenial:def:20164117000	V	CVE-2016-4117 on Ubuntu 16.04 LTS (xenial) - medium.	2016-05-10

BACK