| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 17 |
| CVE ID | CVE-2016-7890 CVE-2016-7876 CVE-2016-7875 CVE-2016-7874 CVE-2016-7873 CVE-2016-7871 CVE-2016-7870 CVE-2016-7869 CVE-2016-7868 CVE-2016-7867 CVE-2016-7892 CVE-2016-7881 CVE-2016-7880 CVE-2016-7879 CVE-2016-7878 CVE-2016-7877 CVE-2016-7872 |
| CWE ID | CWE-20 CWE-119 CWE-416 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #11 is being exploited in the wild. |
| Vulnerable software Subscribe |
Adobe Flash Player Client/Desktop applications / Plugins for browsers, ActiveX components Adobe Flash Player for Linux Client/Desktop applications / Multimedia software |
| Vendor | Adobe |
This security bulletin describes 17 vulnerabilities in Adobe Flash, including 1 zero-day vulnerability.
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-7890
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to unknown error processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it and bypass implemented security mechanisms.
Successful exploitation of the vulnerability results in unauthorized access to restricted information.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197, 21.0.0.213, 21.0.0.226, 21.0.0.242, 22.0.0.192, 22.0.0.211, 23.0.0.162, 23.0.0.185, 23.0.0.205, 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621, 11.2.202.626, 11.2.202.632, 11.2.202.635, 11.2.202.637, 11.2.202.643, 11.2.202.644
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-7876
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197, 21.0.0.213, 21.0.0.226, 21.0.0.242, 22.0.0.192, 22.0.0.211, 23.0.0.162, 23.0.0.185, 23.0.0.205, 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621, 11.2.202.626, 11.2.202.632, 11.2.202.635, 11.2.202.637, 11.2.202.643, 11.2.202.644
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-7875
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197, 21.0.0.213, 21.0.0.226, 21.0.0.242, 22.0.0.192, 22.0.0.211, 23.0.0.162, 23.0.0.185, 23.0.0.205, 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621, 11.2.202.626, 11.2.202.632, 11.2.202.635, 11.2.202.637, 11.2.202.643, 11.2.202.644
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-7874
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197, 21.0.0.213, 21.0.0.226, 21.0.0.242, 22.0.0.192, 22.0.0.211, 23.0.0.162, 23.0.0.185, 23.0.0.205, 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621, 11.2.202.626, 11.2.202.632, 11.2.202.635, 11.2.202.637, 11.2.202.643, 11.2.202.644
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-7873
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197, 21.0.0.213, 21.0.0.226, 21.0.0.242, 22.0.0.192, 22.0.0.211, 23.0.0.162, 23.0.0.185, 23.0.0.205, 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621, 11.2.202.626, 11.2.202.632, 11.2.202.635, 11.2.202.637, 11.2.202.643, 11.2.202.644
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-7871
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197, 21.0.0.213, 21.0.0.226, 21.0.0.242, 22.0.0.192, 22.0.0.211, 23.0.0.162, 23.0.0.185, 23.0.0.205, 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621, 11.2.202.626, 11.2.202.632, 11.2.202.635, 11.2.202.637, 11.2.202.643, 11.2.202.644
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-7870
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197, 21.0.0.213, 21.0.0.226, 21.0.0.242, 22.0.0.192, 22.0.0.211, 23.0.0.162, 23.0.0.185, 23.0.0.205, 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621, 11.2.202.626, 11.2.202.632, 11.2.202.635, 11.2.202.637, 11.2.202.643, 11.2.202.644
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-7869
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197, 21.0.0.213, 21.0.0.226, 21.0.0.242, 22.0.0.192, 22.0.0.211, 23.0.0.162, 23.0.0.185, 23.0.0.205, 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621, 11.2.202.626, 11.2.202.632, 11.2.202.635, 11.2.202.637, 11.2.202.643, 11.2.202.644
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-7868
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197, 21.0.0.213, 21.0.0.226, 21.0.0.242, 22.0.0.192, 22.0.0.211, 23.0.0.162, 23.0.0.185, 23.0.0.205, 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621, 11.2.202.626, 11.2.202.632, 11.2.202.635, 11.2.202.637, 11.2.202.643, 11.2.202.644
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-7867
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197, 21.0.0.213, 21.0.0.226, 21.0.0.242, 22.0.0.192, 22.0.0.211, 23.0.0.162, 23.0.0.185, 23.0.0.205, 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621, 11.2.202.626, 11.2.202.632, 11.2.202.635, 11.2.202.637, 11.2.202.643, 11.2.202.644
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: Critical
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-7892
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited in the wild.
MitigationInstall the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197, 21.0.0.213, 21.0.0.226, 21.0.0.242, 22.0.0.192, 22.0.0.211, 23.0.0.162, 23.0.0.185, 23.0.0.205, 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621, 11.2.202.626, 11.2.202.632, 11.2.202.635, 11.2.202.637, 11.2.202.643, 11.2.202.644
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-7881
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197, 21.0.0.213, 21.0.0.226, 21.0.0.242, 22.0.0.192, 22.0.0.211, 23.0.0.162, 23.0.0.185, 23.0.0.205, 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621, 11.2.202.626, 11.2.202.632, 11.2.202.635, 11.2.202.637, 11.2.202.643, 11.2.202.644
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-7880
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197, 21.0.0.213, 21.0.0.226, 21.0.0.242, 22.0.0.192, 22.0.0.211, 23.0.0.162, 23.0.0.185, 23.0.0.205, 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621, 11.2.202.626, 11.2.202.632, 11.2.202.635, 11.2.202.637, 11.2.202.643, 11.2.202.644
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-7879
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197, 21.0.0.213, 21.0.0.226, 21.0.0.242, 22.0.0.192, 22.0.0.211, 23.0.0.162, 23.0.0.185, 23.0.0.205, 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621, 11.2.202.626, 11.2.202.632, 11.2.202.635, 11.2.202.637, 11.2.202.643, 11.2.202.644
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-7878
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197, 21.0.0.213, 21.0.0.226, 21.0.0.242, 22.0.0.192, 22.0.0.211, 23.0.0.162, 23.0.0.185, 23.0.0.205, 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621, 11.2.202.626, 11.2.202.632, 11.2.202.635, 11.2.202.637, 11.2.202.643, 11.2.202.644
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-7877
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197, 21.0.0.213, 21.0.0.226, 21.0.0.242, 22.0.0.192, 22.0.0.211, 23.0.0.162, 23.0.0.185, 23.0.0.205, 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621, 11.2.202.626, 11.2.202.632, 11.2.202.635, 11.2.202.637, 11.2.202.643, 11.2.202.644
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-7872
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.
Adobe Flash Player: 21.0.0.197, 21.0.0.213, 21.0.0.226, 21.0.0.242, 22.0.0.192, 22.0.0.211, 23.0.0.162, 23.0.0.185, 23.0.0.205, 23.0.0.207
Adobe Flash Player for Linux: 11.2.202.621, 11.2.202.626, 11.2.202.632, 11.2.202.635, 11.2.202.637, 11.2.202.643, 11.2.202.644
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.