CVE-2016-4171

ENISA EUVD: EUVD-2016-5172 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026 1 article

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

44.16%

probability

This CVE has a 44.16% probability of being exploited in the next 30 days.

0% Top 97.6th percentile of all CVEs 100%

CVSS v3.1

Source: NVD

7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

Project Zero

Memory corruption in ExecPolicy metadata parsing

Affected Products

Google Project Zero

Patched

June 15, 2016

Reported by

Anton Ivanov of Kaspersky

Root Cause Analysis

???

Patch Tuesday June 2016

Qualys Jun 14, 2016

Signal Intelligence

Confidenceⓘ

95%

EPSS 44.16%

CVSS v3.1 7.8

Mentions 1

Last Seen Jun 14, 2016

CNA Information

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Threat Actors 2

APT37

apt_group Information theft and espionage 🇰🇵 KP

APT3

apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atMar 05, 2026