CVE-2016-4138
CRITICAL severity · CVSS 9.8
9.8CVSS CRITICAL
Summary
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)25%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products we track (2)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083 ↗
Additional information
- NVD record
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083Patch
- https://helpx.adobe.com/security/products/flash-player/apsb16-18.htmlAdvisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.htmlAdvisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.htmlAdvisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.htmlAdvisory
- http://www.securitytracker.com/id/1036117Advisory
- https://access.redhat.com/errata/RHSA-2016:1238Advisory
- https://www.exploit-db.com/exploits/40090/Advisory