Main Vulnerability Database Exploits ID:1882 - Exploit for Use-after-free error in Adobe Flash Player and Adobe Flash Player for Linux - CVE-2016-7855

ID:1882 - Exploit for Use-after-free error in Adobe Flash Player and Adobe Flash Player for Linux - CVE-2016-7855

Published: March 18, 2020

Vulnerability identifier: #VU1078

Vulnerability risk: Critical

CVE-ID: CVE-2016-7855

CWE-ID: CWE-119

Exploitation vector: Remote access

Vulnerable software:
Adobe Flash Player
Adobe Flash Player for Linux

Link to public exploit:

https://github.com/swagatbora90/CheckFlashPlayerVersion

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to use-after-free error when handling .swf files. A remote attacker can trick the victim to visit a website or open a file with malicious Flash file and execute arbitrary code on the target system with privileges of the current user.

Note: this vulnerability was being actively exploited in the wild.

Remediation

The vulnerability is fixed in version 23.0.0.205 for Windows, Macintosh, Linux and Chrome OS and in version 11.2.202.643 for Linux.

ID:1882 - Exploit for Use-after-free error in Adobe Flash Player and Adobe Flash Player for Linux - CVE-2016-7855

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human