Vulnerability Name:

CVE-2016-4117 (CCN-113060)

Assigned:2016-05-10
Published:2016-05-10
Updated:2019-02-12
Summary:Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.1 Critical (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
8.2 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2016-4117

Source: SUSE
Type: UNKNOWN
SUSE-SU-2016:1305

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:1306

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:1308

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:1309

Source: CCN
Type: RHSA-2016-1079
Critical: flash-plugin security update

Source: REDHAT
Type: UNKNOWN
RHSA-2016:1079

Source: BID
Type: UNKNOWN
90505

Source: CCN
Type: BID-90505
Adobe Flash Player CVE-2016-4117 Unspecified Remote Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1035826

Source: XF
Type: UNKNOWN
adobe-flash-cve20164117-code-exec(113060)

Source: CCN
Type: Adobe Security Bulletin APSA16-02
Security Advisory for Adobe Flash Player

Source: CONFIRM
Type: Vendor Advisory
https://helpx.adobe.com/security/products/flash-player/apsa16-02.html

Source: CONFIRM
Type: UNKNOWN
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html

Source: CCN
Type: Packet Storm Security [02-09-2019]
Adobe Flash Player DeleteRangeTimelineOperation Type Confusion

Source: GENTOO
Type: UNKNOWN
GLSA-201606-08

Source: CCN
Type: CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCY
KNOWN EXPLOITED VULNERABILITIES CATALOG

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [02-11-2019]

Source: EXPLOIT-DB
Type: UNKNOWN
46339

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-4117

Vulnerable Configuration:Configuration 1:
  • cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:*
  • OR cpe:/o:google:chrome_os:*:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*
  • AND
  • cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 21.0.0.226)

  • Configuration CCN 1:
  • cpe:/a:adobe:flash_player:21.0.0.226:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:21.0.0.213:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:21.0.0.213:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player_for_linux:11.2.202.616:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:21.0.0.226:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:21.0.0.226:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux_server_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_8:-:-:-:*:-:-:x32:*
  • OR cpe:/o:microsoft:windows_8:::~~~~x64~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:*
  • OR cpe:/o:microsoft:windows_8.1:::~~~~x64~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20164117
    V
    CVE-2016-4117
    2022-05-20
    oval:org.opensuse.security:def:55942
    P
    Security update for aspell (Important)
    2021-08-25
    oval:org.opensuse.security:def:46987
    P
    libQt5WebKit5-5.6.1-9.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47299
    P
    kdump-0.8.16-5.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47291
    P
    iputils-s20121221-2.17 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47071
    P
    libraptor2-0-2.0.10-3.63 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47050
    P
    libmspack0-0.4-14.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47133
    P
    procmail-3.22-267.12 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47937
    P
    DirectFB-1.7.1-6.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47362
    P
    libjavascriptcoregtk-4_0-18-2.12.5-1.12 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47134
    P
    python-2.7.9-24.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47197
    P
    accountsservice-0.6.42-14.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47991
    P
    dhcp-4.3.3-10.16.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47196
    P
    aaa_base-13.2+git20140911.61c1681-36.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48000
    P
    elfutils-0.158-7.7.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47228
    P
    crash-7.1.8-3.9 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47260
    P
    gdk-pixbuf-lang-2.34.0-18.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48054
    P
    java-1_8_0-openjdk-1.8.0.222-27.35.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:11700
    P
    puppet-3.6.2-3.62 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:12382
    P
    xorg-x11-server-7.6_1.18.3-71.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:12586
    P
    libnetpbm11-10.66.3-7.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11627
    P
    libneon27-0.30.0-3.65 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46403
    P
    cyrus-sasl-2.1.26-7.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46836
    P
    rpm-32bit-4.11.2-10.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11558
    P
    hyper-v-6-11.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11409
    P
    libtiff5-32bit-4.0.3-9.78 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11765
    P
    bash-4.3-78.39 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11709
    P
    radvd-1.9.7-2.17 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11926
    P
    libpolkit0-0.113-5.6.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:12608
    P
    libprocps3-3.3.9-11.14.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46535
    P
    mipv6d-2.0.2.umip.0.4-19.63 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46466
    P
    libXv1-1.0.10-3.56 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11477
    P
    xalan-j2-2.7.0-264.133 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11633
    P
    libpng15-15-1.5.22-2.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11431
    P
    pam_krb5-2.4.4-4.5 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11784
    P
    curl-7.37.0-28.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11635
    P
    libpolkit0-0.113-4.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11722
    P
    sudo-1.8.10p3-1.62 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11935
    P
    libraw9-0.15.4-3.88 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46626
    P
    bzip2-1.0.6-27.1129 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46598
    P
    xlockmore-5.43-5.30 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11524
    P
    ecryptfs-utils-103-5.35 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11658
    P
    libtiff5-32bit-4.0.4-12.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11703
    P
    python-imaging-1.1.7-21.15 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11859
    P
    libXi6-1.7.4-9.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11657
    P
    libtasn1-3.7-4.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:12360
    P
    telepathy-gabble-0.18.3-5.7 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11401
    P
    libsmi-0.4.8-18.63 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11948
    P
    libssh4-0.6.3-11.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46773
    P
    libspice-client-glib-2_0-8-0.29-1.4 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46689
    P
    kernel-default-3.12.49-11.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11539
    P
    gdk-pixbuf-lang-2.30.6-1.23 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11750
    P
    yast2-3.1.155-1.13 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11884
    P
    libgadu3-1.11.4-1.12 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:55868
    P
    Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important)
    2021-03-17
    oval:org.opensuse.security:def:24456
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:53522
    P
    Security update for webkit2gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:52843
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:53642
    P
    Security update for curl (Important)
    2020-12-01
    oval:org.opensuse.security:def:54307
    P
    librpcsecgss3 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25150
    P
    Security update for ovmf (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46274
    P
    Security update for libexif (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25169
    P
    Security update for openexr (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46154
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:54247
    P
    libXt6 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55716
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:54399
    P
    wdiff on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:53068
    P
    Security update for the Linux Azure Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:24663
    P
    Security update for qemu (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25005
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:24645
    P
    Security update for icu (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25015
    P
    Security update for ghostscript (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:53005
    P
    Security update for libexif (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:53688
    P
    Security update for libqt5-qtbase (Important)
    2020-12-01
    oval:org.opensuse.security:def:52865
    P
    Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP1) (Important)
    2020-12-01
    oval:org.opensuse.security:def:53748
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:53069
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25788
    P
    Security update for zeromq (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24383
    P
    Security update for openssh (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25213
    P
    Security update for ntp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54285
    P
    libmpfr4 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54473
    P
    gdk-pixbuf-lang on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24719
    P
    Security update for dovecot22 (Important)
    2020-12-01
    oval:org.opensuse.security:def:46077
    P
    Security update for xerces-c (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24726
    P
    Security update for java-1_8_0-ibm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25068
    P
    Security update for ghostscript (Important)
    2020-12-01
    oval:org.opensuse.security:def:53243
    P
    Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:53973
    P
    glibc on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:53231
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:53914
    P
    Security update for bluez (Important)
    2020-12-01
    oval:org.opensuse.security:def:53091
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25092
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:25823
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:46078
    P
    Security update for webkit2gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25851
    P
    Security update for freerdp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24446
    P
    Security update for apache2-mod_jk (Important)
    2020-12-01
    oval:org.opensuse.security:def:54366
    P
    python-libxml2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54511
    P
    libHX28 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24802
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:24393
    P
    Security update for git (Important)
    2020-12-01
    oval:org.opensuse.security:def:24782
    P
    Security update for opensc (Low)
    2020-12-01
    oval:org.opensuse.security:def:46140
    P
    Security update for openssl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:53416
    P
    Security update for nodejs8 (Important)
    2020-12-01
    oval:org.opensuse.security:def:54081
    P
    libzmq3 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:53469
    P
    Security update for webkit2gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:54199
    P
    fuse on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46211
    P
    Security update for nfs-utils (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25106
    P
    Security update for webkit2gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:46091
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25155
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:25886
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:46141
    P
    Security update for ppp (Important)
    2020-12-01
    oval:org.opensuse.security:def:54173
    P
    cups on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55642
    P
    Security update for libmspack (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52842
    P
    Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP1) (Important)
    2020-12-01
    oval:org.opensuse.security:def:54592
    P
    libpulse-mainloop-glib0-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24582
    P
    Security update for apache2-mod_perl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24952
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:24519
    P
    Security update for java-1_8_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:24865
    P
    Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (Important)
    2020-12-01
    oval:org.cisecurity:def:513
    V
    Adobe Flash Player Remote Code Execution Vulnerability - CVE-2016-4117
    2016-06-13
    oval:org.opensuse.security:def:78350
    P
    Security update for flash-player (Important)
    2016-05-16
    oval:org.opensuse.security:def:78576
    P
    Security update for flash-player (Important)
    2016-05-16
    oval:com.ubuntu.xenial:def:201641170000000
    V
    CVE-2016-4117 on Ubuntu 16.04 LTS (xenial) - medium.
    2016-05-11
    oval:com.ubuntu.precise:def:20164117000
    V
    CVE-2016-4117 on Ubuntu 12.04 LTS (precise) - medium.
    2016-05-10
    oval:com.ubuntu.trusty:def:20164117000
    V
    CVE-2016-4117 on Ubuntu 14.04 LTS (trusty) - medium.
    2016-05-10
    oval:com.ubuntu.xenial:def:20164117000
    V
    CVE-2016-4117 on Ubuntu 16.04 LTS (xenial) - medium.
    2016-05-10
    BACK
    apple mac os x *
    google chrome os *
    linux linux kernel *
    microsoft windows *
    adobe flash player *
    adobe flash player 21.0.0.226
    adobe flash player 21.0.0.213
    adobe flash player 21.0.0.213
    adobe flash player for linux 11.2.202.616
    adobe flash player 21.0.0.226
    adobe flash player 21.0.0.226
    redhat enterprise linux server supplementary 6
    redhat enterprise linux workstation supplementary 6
    redhat enterprise linux desktop supplementary 6
    microsoft windows 8 - -
    microsoft windows 8
    microsoft windows server 2012
    microsoft windows rt -
    microsoft windows 8.1 - -
    microsoft windows 8.1
    microsoft windows server 2012 r2
    microsoft windows rt 8.1 -