Lucene search

[email protected]NVD:CVE-2016-4171

HistoryJun 16, 2016 - 2:59 p.m.

CVE-2016-4171

2016-06-1614:59:51

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.156 Low

EPSS

Percentile

96.0%

JSON

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.

Affected configurations

NVD

Node

adobeflash_player_for_linuxRange≤11.2.202.621

AND

linuxlinux_kernel

Node

adobeflash_playerRange≤21.0.0.242

AND

applemac_os_x

applemacos

microsoftwindows

Node

applemac_os_x

applemacos

googlechrome_os

linuxlinux_kernel

microsoftwindows

AND

adobeflash_playerRange≤21.0.0.242chrome

Node

microsoftwindows_8.1

AND

adobeflash_playerRange≤21.0.0.242internet_explorer

Node

adobeflash_playerRange≤18.0.0.352esr

AND

applemac_os_x

applemacos

microsoftwindows

Node

microsoftwindows_10

AND

adobeflash_playerRange≤21.0.0.242edge

adobeflash_playerRange≤21.0.0.242internet_explorer

Node

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

suselinux_enterprise_desktopMatch12-

suselinux_enterprise_desktopMatch12sp1

suselinux_enterprise_workstation_extensionMatch12

suselinux_enterprise_workstation_extensionMatch12sp1

References

lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html

www.securityfocus.com/bid/91184

www.securitytracker.com/id/1036094

access.redhat.com/errata/RHSA-2016:1238

helpx.adobe.com/security/products/flash-player/apsa16-03.html

helpx.adobe.com/security/products/flash-player/apsb16-18.html

security.gentoo.org/glsa/201606-08

www.kb.cert.org/vuls/id/748992

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.156 Low

EPSS

Percentile

96.0%

JSON

Related for NVD:CVE-2016-4171

cert1 ubuntucve1 prion1 attackerkb1 redhatcve1 cvelist1 cve1 checkpoint_advisories1 cisa_kev1 threatpost3 thn1 securelist1 gentoo1 nessus9 suse3 openvas9 mageia1 altlinux2 kaspersky1 redhat1 archlinux2 freebsd1 mscve1