Vulnerability Details : CVE-2016-7881
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class when handling conversion to an object. Successful exploitation could lead to arbitrary code execution.
Vulnerability category: Memory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2016-7881
Probability of exploitation activity in the next 30 days: 1.62%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 86 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-7881
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2016-7881
-
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7881
-
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Adobe Security BulletinPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/94873
Adobe Flash Player APSB16-39 Multiple Unspecified Remote Code Execution VulnerabilitiesThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1037442
Adobe Flash Player Multiple Bugs Let Remote Users Bypass Security Restrictions and Execute Arbitrary Code - SecurityTrackerBroken Link;Third Party Advisory;VDB Entry
-
http://rhn.redhat.com/errata/RHSA-2016-2947.html
RHSA-2016:2947 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html
[security-announce] SUSE-SU-2016:3148-1: critical: Security update for fBroken Link
-
https://security.gentoo.org/glsa/201701-17
Adobe Flash Player: Multiple vulnerabilities (GLSA 201701-17) — Gentoo securityThird Party Advisory
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154
Microsoft Security Bulletin MS16-154 - Critical | Microsoft DocsPatch;Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html
openSUSE-SU-2016:3160-1: moderate: Security update for flash-playerBroken Link
Products affected by CVE-2016-7881
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*
- cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*