Multiple vulnerabilities in Adobe Flash Player
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 17 |
| CVE-ID | CVE-2016-7890 CVE-2016-7876 CVE-2016-7875 CVE-2016-7874 CVE-2016-7873 CVE-2016-7871 CVE-2016-7870 CVE-2016-7869 CVE-2016-7868 CVE-2016-7867 CVE-2016-7892 CVE-2016-7881 CVE-2016-7880 CVE-2016-7879 CVE-2016-7878 CVE-2016-7877 CVE-2016-7872 |
| CWE-ID | CWE-20 CWE-119 CWE-416 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #11 is being exploited in the wild. |
| Vulnerable software |
Adobe Flash Player Client/Desktop applications / Plugins for browsers, ActiveX components Adobe Flash Player for Linux Client/Desktop applications / Plugins for browsers, ActiveX components |
| Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 17 vulnerabilities.
This security bulletin describes 17 vulnerabilities in Adobe Flash, including 1 zero-day vulnerability.
1) Security restrictions bypass
EUVDB-ID: #VU1297
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-7890
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to unknown error processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it and bypass implemented security mechanisms.
Successful exploitation of the vulnerability results in unauthorized access to restricted information.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197 - 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.644
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.197:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.213:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.632:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory corruption
EUVDB-ID: #VU1296
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-7876
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197 - 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.644
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.197:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.213:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.632:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory corruption
EUVDB-ID: #VU1295
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-7875
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197 - 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.644
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.197:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.213:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.632:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory corruption
EUVDB-ID: #VU1294
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-7874
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197 - 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.644
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.197:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.213:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.632:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory corruption
EUVDB-ID: #VU1293
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-7873
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197 - 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.644
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.197:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.213:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.632:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Memory corruption
EUVDB-ID: #VU1292
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-7871
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197 - 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.644
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.197:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.213:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.632:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU1291
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-7870
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197 - 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.644
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.197:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.213:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.632:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU1290
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-7869
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197 - 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.644
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.197:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.213:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.632:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU1289
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-7868
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197 - 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.644
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.197:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.213:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.632:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU1288
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-7867
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197 - 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.644
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.197:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.213:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.632:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free error
EUVDB-ID: #VU1287
Risk: Critical
CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2016-7892
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited in the wild.
MitigationInstall the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197 - 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.644
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.197:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.213:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.632:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
12) Use-after-free error
EUVDB-ID: #VU1286
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-7881
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197 - 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.644
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.197:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.213:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.632:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free error
EUVDB-ID: #VU1285
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-7880
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197 - 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.644
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.197:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.213:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.632:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free error
EUVDB-ID: #VU1284
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-7879
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197 - 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.644
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.197:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.213:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.632:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use-after-free error
EUVDB-ID: #VU1283
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-7878
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197 - 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.644
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.197:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.213:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.632:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free error
EUVDB-ID: #VU1282
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-7877
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197 - 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.644
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.197:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.213:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.632:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free error
EUVDB-ID: #VU1281
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-7872
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197 - 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.644
CPE2.3- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.197:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.213:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player:21.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.621:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.626:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_flash_player_for_linux:11.2.202.632:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
