CVE-2016-7892
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier | Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier | affected |
Weaknesses
- Use After Free
ADP Enrichment
CVE Program Container
Additional References
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154
- https://security.gentoo.org/glsa/201701-17
- http://www.securitytracker.com/id/1037442
- http://rhn.redhat.com/errata/RHSA-2016-2947.html
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- http://www.securityfocus.com/bid/94877
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
References
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154
- https://security.gentoo.org/glsa/201701-17
- http://www.securitytracker.com/id/1037442
- http://rhn.redhat.com/errata/RHSA-2016-2947.html
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- http://www.securityfocus.com/bid/94877
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.