CVE-2016-4117

Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions 21.0.0.226 and earlier

Description The issue allows remote attackers to execute arbitrary code via unspecified vectors. It has been exploited in the wild, specifically in May 2016. The vulnerability is related to errors in the code of the Flash Player platform, which can allow a remote attacker to gain control over the system and cause the application to crash. The estimated number of potentially affected devices worldwide is not specified. However, it is known that threat actors such as ScarCruft (APT37) have used this issue for information theft and cyber espionage. The issue has been used in conjunction with other threats, including watering hole techniques, spear-phishing, and process injection techniques.

Recommendations For Adobe Flash Player versions 21.0.0.226 and earlier, update to a version later than 21.0.0.226 to resolve the issue. As a temporary workaround, consider disabling the Flash Player until a patch is applied. Restrict access to vulnerable systems to minimize the risk of exploitation. Avoid using systems that have Adobe Flash Player installed until the issue is resolved. At the moment, there is no additional information about other mitigation measures.