Vulnerability CVE-2016-4138

Vulnerability Name:

CVE-2016-4138 (CCN-113915)

Assigned:

2016-06-16

Published:

2016-06-16

Updated:

2021-11-19

Summary:

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.8 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2016-4138

Source: SUSE
Type: Broken Link, Third Party Advisory
SUSE-SU-2016:1613

Source: SUSE
Type: Broken Link, Third Party Advisory
openSUSE-SU-2016:1621

Source: SUSE
Type: Broken Link, Third Party Advisory
openSUSE-SU-2016:1625

Source: CCN
Type: RHSA-2016-1238
Critical: flash-plugin security update

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1036117

Source: REDHAT
Type: Third Party Advisory
RHSA-2016:1238

Source: MS
Type: Patch, Third Party Advisory
MS16-083

Source: XF
Type: UNKNOWN
adobe-flash-cve20164138-bo(113915)

Source: CCN
Type: Adobe Security Bulletin APSB16-18
Security updates available for Adobe Flash Player

Source: CONFIRM
Type: Vendor Advisory
https://helpx.adobe.com/security/products/flash-player/apsb16-18.html

Source: CCN
Type: Packet Storm Security [07-08-2016]
Adobe Flash ATF Image Packing Overflow

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [07-11-2016]

Source: EXPLOIT-DB
Type: Exploit, Third Party Advisory, VDB Entry
40090

Vulnerable Configuration:

Configuration 1:

cpe:/o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:adobe:flash_player:*:*:*:*:*:chrome:*:* (Version <= 21.0.0.242)

OR cpe:/a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:* (Version <= 21.0.0.242)

AND

cpe:/o:apple:macos:-:*:*:*:*:*:*:*

OR cpe:/o:google:chrome_os:-:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

AND

cpe:/a:adobe:flash_player:*:*:*:*:*:edge:*:* (Version <= 21.0.0.242)

OR cpe:/a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:* (Version <= 21.0.0.242)

Configuration 4:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 11.2.202.621)

AND

cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 5:

cpe:/a:adobe:flash_player:*:*:*:*:esr:*:*:* (Version <= 18.0.0.352)

AND

cpe:/o:apple:macos:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 6:

cpe:/o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*

Configuration 7:

cpe:/a:adobe:flash_player:-:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_10:1511:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:adobe:flash_player:21.0.0.242:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_8:-:-:-:*:-:-:x32:*

OR cpe:/o:microsoft:windows_8:-:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:*

OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:51:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20164138	V	CVE-2016-4138	2022-05-20
oval:org.opensuse.security:def:55959	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:47303	P	lftp-4.7.4-1.13 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47293	P	jakarta-taglibs-standard-1.1.1-255.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46991	P	libXext6-1.3.2-3.60 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47941	P	SuSEfirewall2-3.6.312.333-3.13.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47364	P	libjpeg-turbo-1.3.1-30.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47075	P	libsnmp30-32bit-5.7.3-4.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47052	P	libmysqlclient18-10.0.27-12.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47201	P	apache-commons-daemon-1.0.15-6.10 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47995	P	dpdk-18.11.2-1.59 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47137	P	python-libxml2-2.9.4-27.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48002	P	eog-3.20.4-7.7 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47136	P	python-imaging-1.1.7-21.15 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47232	P	cups-filters-1.0.58-17.11 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47262	P	gdm-3.10.0.1-52.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48056	P	kdump-0.8.16-9.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47198	P	alsa-1.0.27.2-15.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46691	P	krb5-appl-clients-1.0.3-1.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11429	P	pam-1.1.8-11.57 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11559	P	ibus-chewing-1.4.10.1-2.25 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11767	P	binutils-2.26.1-9.12.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11901	P	libjson-c2-0.11-2.22 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11729	P	telepathy-idle-0.2.0-1.62 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11943	P	libspice-client-glib-2_0-8-0.31-7.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12625	P	libspice-client-glib-2_0-8-0.33-3.6.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46407	P	docker-1.2.0-3.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46838	P	rsyslog-8.4.0-8.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11451	P	qemu-2.0.0-40.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11578	P	libXfixes3-32bit-5.0.1-3.53 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11652	P	libspice-client-glib-2_0-8-0.29-1.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11782	P	cups-filters-1.0.58-13.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11742	P	xdg-utils-20140630-5.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11952	P	libthai-data-0.1.25-4.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46539	P	opensc-0.13.0-1.107 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46468	P	libXxf86dga1-1.1.4-3.58 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11497	P	bash-4.2-75.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11653	P	libspice-server1-0.12.5-2.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11674	P	mipv6d-2.0.2.umip.0.4-19.77 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11801	P	expat-2.1.0-17.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12380	P	xorg-x11-7.6_1-14.17 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11421	P	m4-1.4.16-15.74 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11965	P	libyaml-0-2-0.1.6-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46630	P	coolkey-1.1.0-147.71 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46600	P	xorg-x11-libs-7.6-45.14 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11544	P	glibc-2.19-31.9 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11678	P	opensc-0.13.0-1.122 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11720	P	squashfs-4.3-1.15 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11876	P	libdcerpc-binding0-32bit-4.4.2-29.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12402	P	avahi-0.6.32-30.36 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12603	P	libpng15-15-1.5.22-9.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11644	P	libreoffice-5.0.2.2-13.14 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46777	P	libtasn1-3.7-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:55885	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:46082	P	Security update for openssl (Moderate)	2021-03-19
oval:org.opensuse.security:def:46156	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:54267	P	libgcrypt20 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55736	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:54193	P	fetchmail on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53085	P	Security update for rmt-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:24586	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:24956	P	Security update for libssh2_org (Moderate)	2020-12-01
oval:org.opensuse.security:def:24521	P	Security update for openldap2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:24867	P	Security update for opensc (Moderate)	2020-12-01
oval:org.opensuse.security:def:52885	P	Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:53542	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:53086	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:53659	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:54324	P	libvorbis0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25792	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:24387	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25215	P	Security update for systemd (Moderate)	2020-12-01
oval:org.opensuse.security:def:46276	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:54305	P	libraw9 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54490	P	gtk2-data on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54416	P	ImageMagick on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46081	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:24667	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:25009	P	Security update for libsolv, libzypp, zypper (Moderate)	2020-12-01
oval:org.opensuse.security:def:24647	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:25017	P	Security update for ceph (Moderate)	2020-12-01
oval:org.opensuse.security:def:53025	P	Security update for binutils (Moderate)	2020-12-01
oval:org.opensuse.security:def:53708	P	Security update for Salt (Critical)	2020-12-01
oval:org.opensuse.security:def:53108	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:53765	P	Security update for libwpd (Important)	2020-12-01
oval:org.opensuse.security:def:25096	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25827	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:25853	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:24448	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:54386	P	syslog-service on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54528	P	libXv1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24397	P	Security update for openldap2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:24723	P	Security update for xorg-x11-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:46142	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:24728	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25070	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:53263	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:53993	P	lcms on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53248	P	Security update for ovmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:53931	P	bogofilter on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25110	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:46095	P	Security update for libsolv (Moderate)	2020-12-01
oval:org.opensuse.security:def:25157	P	Security update for shibboleth-sp (Moderate)	2020-12-01
oval:org.opensuse.security:def:25888	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:46143	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:55662	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:52862	P	Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:54609	P	libssh2-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24460	P	Security update for libssh2_org (Moderate)	2020-12-01
oval:org.opensuse.security:def:24806	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:24458	P	Security update for gstreamer-plugins-base (Important)	2020-12-01
oval:org.opensuse.security:def:24784	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:52863	P	Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:53436	P	Security update for tomcat (Important)	2020-12-01
oval:org.opensuse.security:def:54101	P	perl-Tk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53486	P	Security update for nodejs8 (Critical)	2020-12-01
oval:org.opensuse.security:def:54216	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25154	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:46215	P	Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:25171	P	Security update for mailman (Important)	2020-12-01
oval:org.cisecurity:def:892	V	Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4138	2016-07-29
oval:org.opensuse.security:def:78370	P	Security update for flash-player (Critical)	2016-06-17
oval:org.opensuse.security:def:78593	P	Security update for flash-player (Critical)	2016-06-17

BACK