|Number of vulnerabilities||1|
|CVE ID|| CVE-2016-7855
|CWE ID|| CWE-119
|Public exploit||This vulnerability is being exploited in the wild.|
Adobe Flash Player
Client/Desktop applications / Plugins for browsers, ActiveX components
Adobe Flash Player for Linux
Client/Desktop applications / Multimedia software
This security advisory describes one critical risk vulnerability.
Exploit availability: Yes [Search exploit]Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when handling .swf files. A remote attacker can trick the victim to visit a website or open a file with malicious Flash file and execute arbitrary code on the target system with privileges of the current user.
Note: this vulnerability was being actively exploited in the wild.Mitigation
Update the affected packages.
Adobe Flash Player: 184.108.40.206, 220.127.116.11, 18.104.22.168
Adobe Flash Player for Linux: 22.214.171.124, 126.96.36.1991, 188.8.131.522, 184.108.40.2060, 220.127.116.113, 18.104.22.1687, 22.214.171.1242, 126.96.36.1995, 188.8.131.526, 184.108.40.2061, 220.127.116.110, 18.104.22.1686, 22.214.171.1248, 126.96.36.1994, 188.8.131.525, 184.108.40.2069, 220.127.116.118, 18.104.22.1688, 22.214.171.1240, 126.96.36.1990, 188.8.131.522, 184.108.40.2061, 220.127.116.117, 18.104.22.1686, 22.214.171.1248, 126.96.36.1991, 188.8.131.521, 184.108.40.2065, 220.127.116.110, 18.104.22.1684, 22.214.171.1249, 126.96.36.1999, 188.8.131.527, 184.108.40.2066, 220.127.116.111, 18.104.22.1686, 22.214.171.1242, 126.96.36.1995, 188.8.131.527, 184.108.40.2063CPE
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.