CVE-2016-7892
In short
Adobe Flash Player has a use-after-free bug in the TextField class that allows attackers to run arbitrary code on your computer. This happens when Flash tries to use text field data that has already been deleted from memory.
Technical detail
Use-after-free vulnerability in Adobe Flash Player's TextField class (versions ≤23.0.0.207 and ≤11.2.202.644) allows remote code execution through crafted Flash content. Exploitation requires user interaction to load malicious SWF files; successful exploitation results in arbitrary code execution with user privileges.
Summary generated and translated by AI from the official description.
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html
http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html
http://rhn.redhat.com/errata/RHSA-2016-2947.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
https://security.gentoo.org/glsa/201701-17
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7892
http://www.securityfocus.com/bid/94877
http://www.securitytracker.com/id/1037442