CVE-2016-4117

CVE Database · CVE-2016-4117

CVE-2016-4117

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

94.35%

Published

May 10, 2016

Modified

Apr 21, 2026

CISA Known Exploited Vulnerability

Added: 2022-03-03 · Due: 2022-03-24

The impacted product is end-of-life and should be disconnected if still in use.

Public PoC / Exploit (3)

All weaponized →

Exploit-DBAdobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit)TrickestTrickest PoC index GitHub PoCamit-raut/CVE-2016-4117-Report★1

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products (16)

adobe · flash_playervulnerable

redhat · enterprise_linux_desktopvulnerable

redhat · enterprise_linux_servervulnerable

redhat · enterprise_linux_server_from_rhuivulnerable

redhat · enterprise_linux_workstationvulnerable

opensuse · evergreenvulnerable

References (20)

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.html

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.html

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-1079.html

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs