Memory corruption in Adobe Animate

Published: 2016-12-13 18:05:25
Severity High
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2016-7866
CVSSv3 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-119
Exploitation vector Network
Public exploit Not available
Vulnerable software Animate
Vulnerable software versions Animate 15.2.1.95
Vendor URL Adobe

Security Advisory

1) Memory corruption

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to boundary error. A remote attacker can execute arbitrary code on the target system via unknown attack vectors.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

The vulnerability is fixed in version 16.0.0.112 for Windows and Macintosh:
https://creative.adobe.com/products/download/animate

External links

https://helpx.adobe.com/security/products/animate/apsb16-38.html
/security/products/animate/apsb16-38.html

Back to List