Attacker Value
Unknown
(1 user assessed)
Exploitability
Unknown
(1 user assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
1

CVE-2016-4171

Disclosure Date: June 16, 2016
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.

Add Assessment

1
Technical Analysis

Reported as exploited in the wild as part of Google’s 2020 0day vulnerability spreadsheet they made available at https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786. Original tweet announcing this spreadsheet with the 2020 findings can be found at https://twitter.com/maddiestone/status/1329837665378725888

CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • adobe,
  • opensuse,
  • redhat,
  • suse

Products

  • enterprise linux desktop 5.0,
  • enterprise linux desktop 6.0,
  • enterprise linux server 5.0,
  • enterprise linux server 6.0,
  • enterprise linux workstation 5.0,
  • enterprise linux workstation 6.0,
  • flash player,
  • flash player for linux,
  • linux enterprise desktop 12,
  • linux enterprise workstation extension 12,
  • opensuse 13.1,
  • opensuse 13.2

Exploited in the Wild

Reported by:
Technical Analysis