CVE-2016-4171
Publication date 16 June 2016
Last updated 25 August 2025
Ubuntu priority
Description
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| adobe-flashplugin | 16.04 LTS xenial |
Fixed 1:20160616.1-0ubuntu0.16.04.1
|
| 14.04 LTS trusty |
Fixed 1:20160616.1-0ubuntu0.14.04.1
|
|
| flashplugin-nonfree | 16.04 LTS xenial |
Fixed 11.2.202.626ubuntu0.16.04.1
|
| 14.04 LTS trusty |
Fixed 11.2.202.626ubuntu0.14.04.1
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
9.8 · Critical
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |