Lucene search

[email protected]CVE-2016-7881

HistoryDec 15, 2016 - 6:59 a.m.

CVE-2016-7881

2016-12-1506:59:45

CWE-416

[email protected]

web.nvd.nist.gov

adobe

flash player

cve-2016-7881

vulnerability

use after free

code execution

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.016

Percentile

87.5%

JSON

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class when handling conversion to an object. Successful exploitation could lead to arbitrary code execution.

Affected configurations

Vulners

NVD

Node

n\/aadobe_flash_player_23.0.0.207_and_earlier\,_11.2.202.644_and_earlierRange≤23.0.0.207

n\/aadobe_flash_player_23.0.0.207_and_earlier\,_11.2.202.644_and_earlierRange≤11.2.202.644

VendorProductVersionCPE
adobeflash_player_desktop_runtimecpe:/a:adobe:flash_player_desktop_runtime::::

Vendor	Product	Version	CPE
adobe	flash_player_desktop_runtime		cpe:/a:adobe:flash_player_desktop_runtime::::

CNA Affected

[
  {
    "product": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier"
      }
    ]
  }
]