Critical severity9.8CISA KEVNVD Advisory· Published Jun 16, 2016· Updated Apr 21, 2026

CVE-2016-4171

Description

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.

Affected products

Adobe Inc./Flash Player5 versions
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.621
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*range: <=21.0.0.242
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*range: <=21.0.0.242
- cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:*range: <=18.0.0.352
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*range: <=21.0.0.242
OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop2 versions
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server2 versions
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation2 versions
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop2 versions
cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Workstation Extension2 versions
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.htmlnvdMailing ListThird Party Advisory
www.securityfocus.com/bid/91184nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1036094nvdThird Party AdvisoryVDB Entry
access.redhat.com/errata/RHSA-2016:1238nvdThird Party Advisory
helpx.adobe.com/security/products/flash-player/apsa16-03.htmlnvdVendor Advisory
helpx.adobe.com/security/products/flash-player/apsb16-18.htmlnvdVendor Advisory
security.gentoo.org/glsa/201606-08nvdThird Party Advisory
www.kb.cert.org/vuls/id/748992nvdThird Party AdvisoryUS Government Resource
github.com/cisagov/vulnrichment/issues/196nvdIssue Tracking
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.035
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000