CVE-2016-7859

HIGH

Adobe Flash Player < 23.0.0.205 and <= 11.2.202.643 - Use-After-Free

Title source: llm
STIX 2.1

Description

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

References (7)

Core 7
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94153
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2676.html
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-16-602
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037240
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201611-18

Scores

CVSS v3 8.8
EPSS 0.0704
EPSS Percentile 93.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (9)
adobe/flash_player < 23.0.0.205 (4 CPE variants)
adobe/flash_player_for_linux < 11.2.202.643
n/a/Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier Adobe Flash Player 23.0.0.205 and earlier, 11.2.202.643 and earlier
redhat/enterprise_linux_desktop 5.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_server 5.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_workstation 5.0
redhat/enterprise_linux_workstation 6.0
Published Nov 08, 2016
Tracked Since Feb 18, 2026