CVE-2016-7861 : Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier hav

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

Published 2016-11-08 17:59:06

Updated 2025-04-12 10:46:41

Source Adobe Systems Incorporated

View at NVD, CVE.org

Products affected by CVE-2016-7861

Redhat » Enterprise Linux Desktop » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Adobe » Flash Player » For Chrome
Versions up to, including, (<=) 23.0.0.205
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Google » Chrome Os » Version: N/A
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player
Versions up to, including, (<=) 23.0.0.205
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » For Edge
Versions up to, including, (<=) 23.0.0.205
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*
Matching versions
When used together with: Microsoft » Windows 10 » Version: N/A
When used together with: Microsoft » Windows 10 » Version: 1511
When used together with: Microsoft » Windows 10 » Version: 1607
When used together with: Microsoft » Windows 8.1 » Version: N/A
When used together with: Microsoft » Windows Rt 8.1 » Version: N/A
When used together with: Microsoft » Windows Server 2012 » Version: N/A
When used together with: Microsoft » Windows Server 2012 » Version: R2
When used together with: Microsoft » Windows Server 2016 » Version: N/A For X64
Adobe » Flash Player » For Internet Explorer
Versions up to, including, (<=) 23.0.0.205
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*
Matching versions
When used together with: Microsoft » Windows 10 » Version: N/A
When used together with: Microsoft » Windows 10 » Version: 1511
When used together with: Microsoft » Windows 10 » Version: 1607
When used together with: Microsoft » Windows 8.1 » Version: N/A
When used together with: Microsoft » Windows Rt 8.1 » Version: N/A
When used together with: Microsoft » Windows Server 2012 » Version: N/A
When used together with: Microsoft » Windows Server 2012 » Version: R2
When used together with: Microsoft » Windows Server 2016 » Version: N/A For X64
Adobe » Flash Player For Linux
Versions up to, including, (<=) 11.2.202.643
cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2016-7861

EPSS FAQ

14.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 94 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-7861

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-7861

CWE-704 Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-7861

http://rhn.redhat.com/errata/RHSA-2016-2676.html

RHSA-2016:2676 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1037240

Adobe Flash Player Type Confusion and Use-After-Free Memory Errors Let Remote Users Execute Arbitrary Code - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141

Microsoft Security Bulletin MS16-141 - Critical | Microsoft Docs
Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/94151

Adobe Flash Player Type Confusion Multiple Remote Code Execution Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.zerodayinitiative.com/advisories/ZDI-16-600

ZDI-16-600 | Zero Day Initiative
Third Party Advisory;VDB Entry
https://security.gentoo.org/glsa/201611-18

Adobe Flash Player: Multiple vulnerabilities (GLSA 201611-18) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://helpx.adobe.com/security/products/flash-player/apsb16-37.html

Adobe Security Bulletin
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-7861

Products affected by CVE-2016-7861

Exploit prediction scoring system (EPSS) score for CVE-2016-7861

CVSS scores for CVE-2016-7861

CWE ids for CVE-2016-7861

References for CVE-2016-7861