What is CVE-2016-4138?

CVE-2016-4138 is a critical-severity vulnerability in Adobe Flash_player. CVSS score: 9.8/10. Published 2016-06-16.

How severe is CVE-2016-4138?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2016-4138 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Adobe Flash_player

CVE-2016-4138

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than…

EPSS: 0.607 (98.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

1036117 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
MS16-083 (x_refsource_MS, vendor-advisory, Patch, Third Party Advisory)
openSUSE-SU-2016:1625 (vendor-advisory, Third Party Advisory, x_refsource_SUSE, Broken Link)
40090 (Exploit, exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)
RHSA-2016:1238 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
openSUSE-SU-2016:1621 (vendor-advisory, Third Party Advisory, x_refsource_SUSE, Broken Link)
SUSE-SU-2016:1613 (vendor-advisory, Third Party Advisory, x_refsource_SUSE, Broken Link)
psirt@adobe.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2016-4138?: CVE-2016-4138 is a critical-severity vulnerability in Adobe Flash_player. CVSS score: 9.8/10. Published 2016-06-16.
How severe is CVE-2016-4138?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2016-4138 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.