High severity8.8NVD Advisory· Published Jun 16, 2016· Updated May 6, 2026

CVE-2016-4154

Description

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Affected products

Adobe Inc./Flash Player5 versions
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.621
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*range: <=21.0.0.242
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*range: <=21.0.0.242
- cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:*range: <=18.0.0.352
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*range: <=21.0.0.242
Adobe Inc./Flash Player Desktop Runtime
cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*
Range: <=21.0.0.242
OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop2 versions
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server2 versions
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation2 versions
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop2 versions
cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Workstation Extension2 versions
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083nvdPatchThird Party Advisory
helpx.adobe.com/security/products/flash-player/apsb16-18.htmlnvdPatchVendor Advisory
lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.htmlnvdBroken LinkMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.htmlnvdBroken LinkMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.htmlnvdBroken LinkMailing ListThird Party Advisory
www.securitytracker.com/id/1036117nvdBroken LinkThird Party AdvisoryVDB Entry
access.redhat.com/errata/RHSA-2016:1238nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000