CVE-2016-7855
CVE-2016-7855
In short
Adobe Flash Player has a use-after-free vulnerability that allows attackers to run malicious code on your computer through specially crafted files or websites. This flaw was actively exploited by criminals in October 2016.
Technical detail
Use-after-free vulnerability in Adobe Flash Player (pre-23.0.0.205 Windows/macOS, pre-11.2.202.643 Linux) exploited via unspecified vectors. Attacker-controlled content triggers memory corruption, enabling arbitrary code execution with user interaction (typically file download or website visit).
Summary generated and translated by AI from the official description.
Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 1
githubgithub.com/swagatbora90/CheckFlashPlayerVersion★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://rhn.redhat.com/errata/RHSA-2016-2119.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128https://helpx.adobe.com/security/products/flash-player/apsb16-36.htmlhttps://security.gentoo.org/glsa/201610-10https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7855http://www.securityfocus.com/bid/93861http://www.securitytracker.com/id/1037111