|Number of vulnerabilities||1|
|CVE ID|| CVE-2016-7855
|CWE ID|| CWE-119
|Public exploit||This vulnerability is being exploited in the wild.|
Adobe Flash Player
Client/Desktop applications / Plugins for browsers, ActiveX components
Adobe Flash Player for Linux
Client/Desktop applications / Multimedia software
This security advisory describes one critical risk vulnerability.
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when handling .swf files. A remote attacker can trick the victim to visit a website or open a file with malicious Flash file and execute arbitrary code on the target system with privileges of the current user.
Note: this vulnerability was being actively exploited in the wild.Mitigation
Install updates from Microsoft website.Vulnerable software versions
Adobe Flash Player: 22.214.171.124, 126.96.36.199, 188.8.131.52
Adobe Flash Player for Linux: 184.108.40.206, 220.127.116.111, 18.104.22.1682, 22.214.171.1240, 126.96.36.1993, 188.8.131.527, 184.108.40.2062, 220.127.116.115, 18.104.22.1686, 22.214.171.1241, 126.96.36.1990, 188.8.131.526, 184.108.40.2068, 220.127.116.114, 18.104.22.1685, 22.214.171.1249, 126.96.36.1998, 188.8.131.528, 184.108.40.2060, 220.127.116.110, 18.104.22.1682, 22.214.171.1241, 126.96.36.1997, 188.8.131.526, 184.108.40.2068, 220.127.116.111, 18.104.22.1681, 22.214.171.1245, 126.96.36.1990, 188.8.131.524, 184.108.40.2069, 220.127.116.119, 18.104.22.1687, 22.214.171.1246, 126.96.36.1991, 188.8.131.526, 184.108.40.2062, 220.127.116.115, 18.104.22.1687, 22.214.171.1243CPE
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.