CVE-2016-4161 — CRITICAL (9.8)

Q: How severe is CVE-2016-4161?

CVE-2016-4161 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2016-4161?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 10, Microsoft Windows 8.1, Adobe Flash Player, Apple Mac Os X, Microsoft Windows.

Vulnerability Description

Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4162, and CVE-2016-4163.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Microsoft	Windows 10	-
Microsoft	Windows 8.1	-
Adobe	Flash Player	<= 21.0.0.241
Apple	Mac Os X	-
Microsoft	Windows	-
Adobe	Air Sdk \& Compiler	<= 21.0.0.198
Apple	Iphone Os	-
Google	Android	-
Adobe	Air Sdk	<= 21.0.0.198
Linux	Linux Kernel	-
Google	Chrome Os	-
Adobe	Flash Player Desktop Runtime	<= 21.0.0.226
Adobe	Air Desktop Runtime	<= 21.0.0.198

Related Weaknesses (CWE)

CWE-119

References

http://rhn.redhat.com/errata/RHSA-2016-1079.htmlThird Party Advisory
http://www.securityfocus.com/bid/90618Broken LinkThird Party AdvisoryVDB Entry
https://helpx.adobe.com/security/products/flash-player/apsb16-15.htmlPatchVendor Advisory
https://security.gentoo.org/glsa/201606-08Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1079.htmlThird Party Advisory
http://www.securityfocus.com/bid/90618Broken LinkThird Party AdvisoryVDB Entry
https://helpx.adobe.com/security/products/flash-player/apsb16-15.htmlPatchVendor Advisory
https://security.gentoo.org/glsa/201606-08Third Party Advisory

FAQ

What is CVE-2016-4161?

CVE-2016-4161 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of servic...

How severe is CVE-2016-4161?

CVE-2016-4161 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-4161?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 10, Microsoft Windows 8.1, Adobe Flash Player, Apple Mac Os X, Microsoft Windows.