#VU1280 Memory corruption in Animate - CVE-2016-7866
Published: December 13, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU1280
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2016-7866
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Animate
Animate
Software vendor:
Adobe
Adobe
Description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to boundary error. A remote attacker can execute arbitrary code on the target system via unknown attack vectors.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Remediation
The vulnerability is fixed in version 16.0.0.112 for Windows and Macintosh:
https://creative.adobe.com/products/download/animate
https://creative.adobe.com/products/download/animate