Security restrictions bypass in Adobe Flash Player and Adobe Flash Player for Linux - CVE-2016-7890
Published: December 13, 2016 / Updated: November 22, 2018
Vulnerability identifier: #VU1297
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-7890
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Adobe
Affected software:
Adobe Flash Player
Adobe Flash Player for Linux
Adobe Flash Player
Adobe Flash Player for Linux
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to unknown error processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it and bypass implemented security mechanisms.
Successful exploitation of the vulnerability results in unauthorized access to restricted information.
How to mitigate CVE-2016-7890
Install the latest version 24.0.0.186 from vendor's website for Windows, Macintosh and Linux.