CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2016-4117

CVSS 9.8v3.1pub. 2016-05-11upd. 2026-04-21

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Adobe Flash Player

    APP
    Adobe
    ≤ 21.0.0.226
  • Opensuse Evergreen

    OS
    Opensuse
    11.4
  • Opensuse

    OS
    Opensuse
    13.113.2
  • Red Hat Enterprise Linux Desktop

    OS
    Redhat
    5.06.0
  • Red Hat Enterprise Linux Server

    OS
    Redhat
    5.06.0
  • Red Hat Enterprise Linux Server From Rhui

    OS
    Redhat
    5.06.0
  • Red Hat Enterprise Linux Workstation

    OS
    Redhat
    5.06.0
  • SUSE Linux Enterprise Desktop

    OS
    Suse
    12
  • SUSE Linux Enterprise Workstation Extension

    OS
    Suse
    12

CISA KEV — detailsi

Vendori
Adobe
Producti
Flash Player
Added to KEVi
March 3, 2022
Remediation deadline (US Federal)i
March 24, 2022(overdue)
Required action (CISA)i

The impacted product is end-of-life and should be disconnected if still in use.

CISA descriptioni

An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 24 marca 2022
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2019-5544CRITICAL9.8⚠ KEVten sam produkt

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the s...

CVE-2016-4171CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbi...

CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...