CVE-2016-4117
KEV
🔴 Łataj teraz
Luka w Adobe Flash Player umożliwia zdalne wykonanie dowolnego kodu.
CVSS
9.8
EPSS
93.0%
Exploit
weaponized
Vendor
redhat
Opis źródłowy (NVD)
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
exploit
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (aktywnie wykorzystywane) | Tak |
| FIRST EPSS (prawdopodobieństwo exploita) | 93.0% |
| Opublikowano (NVD) | 2016-05-11 01:59:46 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-21 21:07:21 UTC |
Referencje
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html (psirt@adobe.com) [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html (psirt@adobe.com) [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00046.html (psirt@adobe.com) [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00047.html (psirt@adobe.com) [Mailing List, Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2016-1079.html (psirt@adobe.com) [Third Party Advisory]
- http://www.securityfocus.com/bid/90505 (psirt@adobe.com) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1035826 (psirt@adobe.com) [Broken Link, Third Party Advisory, VDB Entry]
- https://helpx.adobe.com/security/products/flash-player/apsa16-02.html (psirt@adobe.com) [Broken Link, Vendor Advisory]
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html (psirt@adobe.com) [Broken Link]
- https://security.gentoo.org/glsa/201606-08 (psirt@adobe.com) [Third Party Advisory]
- https://www.exploit-db.com/exploits/46339/ (psirt@adobe.com) [Exploit, Third Party Advisory, VDB Entry]
- https://github.com/cisagov/vulnrichment/issues/196 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [Issue Tracking]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-4117 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]