1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Adobe Flash Player Arbitrary Code Execution Vulnerability

Known Exploited Vulnerabilities CVE-2016-4117 Mappings

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2016-4117 Adobe Flash Player Arbitrary Code Execution Vulnerability primary_impact T1105 Ingress Tool Transfer
Comments
The vulnerability is exploited by a user opening a maliciously-crafted file. Reporting on in-the-wild exploitation indicates threat actor utilize this vulnerability to install command and control software on the target system. Adversaries seen exploiting this vulnerability were also observed to do a version check on the target software before attempting the exploitation.
References
  1. https://blog.morphisec.com/flash-vulnerability-cve-2016-4117
  2. https://blog.sonicwall.com/en-us/2016/05/recent-flash-zero-day-cve-2016-4117-attacks-spotted-in-the-wild-may-242016/
CVE-2016-4117 Adobe Flash Player Arbitrary Code Execution Vulnerability exploitation_technique T1204.002 Malicious File
Comments
The vulnerability is exploited by a user opening a maliciously-crafted file. Reporting on in-the-wild exploitation indicates threat actor utilize this vulnerability to install command and control software on the target system. Adversaries seen exploiting this vulnerability were also observed to do a version check on the target software before attempting the exploitation.
References
  1. https://blog.morphisec.com/flash-vulnerability-cve-2016-4117
  2. https://blog.sonicwall.com/en-us/2016/05/recent-flash-zero-day-cve-2016-4117-attacks-spotted-in-the-wild-may-242016/