cvelistv5 - cve-2016-7855

CVE-2016-7855 (GCVE-0-2016-7855)

Vulnerability from cvelistv5 – Published: 2016-11-01 22:46 – Updated: 2025-10-21 23:55

CISA

Summary

Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Assigner

adobe

References

URL

Tags

	https://security.gentoo.org/glsa/201610-10	vendor-advisoryx_refsource_GENTOO
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securitytracker.com/id/1037111	vdb-entryx_refsource_SECTRACK
	https://helpx.adobe.com/security/products/flash-p…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2119.html	vendor-advisoryx_refsource_REDHAT
	https://security.googleblog.com/2016/10/disclosin…	x_refsource_MISC
	http://www.securityfocus.com/bid/93861	vdb-entryx_refsource_BID

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2022-03-03

Due date: 2022-03-24

Required action: The impacted product is end-of-life and should be disconnected if still in use.

Used in ransomware: Unknown

Notes: https://nvd.nist.gov/vuln/detail/CVE-2016-7855

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:13:20.158Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201610-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201610-10"
          },
          {
            "name": "MS16-128",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128"
          },
          {
            "name": "1037111",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037111"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
          },
          {
            "name": "RHSA-2016:2119",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2119.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html"
          },
          {
            "name": "93861",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93861"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2016-7855",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T21:34:22.948384Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7855"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:55:49.007Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7855"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-03T00:00:00+00:00",
            "value": "CVE-2016-7855 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "GLSA-201610-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201610-10"
        },
        {
          "name": "MS16-128",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128"
        },
        {
          "name": "1037111",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037111"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
        },
        {
          "name": "RHSA-2016:2119",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2119.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html"
        },
        {
          "name": "93861",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93861"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2016-7855",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201610-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201610-10"
            },
            {
              "name": "MS16-128",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128"
            },
            {
              "name": "1037111",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037111"
            },
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
            },
            {
              "name": "RHSA-2016:2119",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2119.html"
            },
            {
              "name": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html",
              "refsource": "MISC",
              "url": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html"
            },
            {
              "name": "93861",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93861"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2016-7855",
    "datePublished": "2016-11-01T22:46:00.000Z",
    "dateReserved": "2016-09-09T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:55:49.007Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2016-7855",
      "cwes": "[\"CWE-416\"]",
      "dateAdded": "2022-03-03",
      "dueDate": "2022-03-24",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-7855",
      "product": "Flash Player",
      "requiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
      "shortDescription": "Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.",
      "vendorProject": "Adobe",
      "vulnerabilityName": "Adobe Flash Player Use-After-Free Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2022-03-24",
      "cisaExploitAdd": "2022-03-03",
      "cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
      "cisaVulnerabilityName": "Adobe Flash Player Use-After-Free Vulnerability",
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*\", \"versionEndIncluding\": \"23.0.0.185\", \"matchCriteriaId\": \"72678265-8BF8-4C66-B910-84E7C3961B18\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*\", \"versionEndIncluding\": \"23.0.0.185\", \"matchCriteriaId\": \"17EC9D4E-B2BE-413A-A682-03DFA8E93A6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*\", \"versionEndIncluding\": \"23.0.0.185\", \"matchCriteriaId\": \"E97950E9-801B-46B5-AF10-384ADE92C567\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21540673-614A-4D40-8BD7-3F07723803B0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"232581CC-130A-4C62-A7E9-2EC9A9364D53\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6CE5198-C498-4672-AF4C-77AB4BE06C5C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:linux:*:*\", \"versionEndIncluding\": \"11.2.202.637\", \"matchCriteriaId\": \"AEAF53E4-99E9-4554-B79C-A84527B631CF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"23.0.0.185\", \"matchCriteriaId\": \"E43F3177-CF1C-41EF-8C6E-61177A79BEEA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"133AAFA7-AF42-4D7B-8822-AA2E85611BF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54D669D4-6D7E-449D-80C1-28FA44F06FFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0AC5CD5-6E58-433C-9EB3-6DFE5656463E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de uso despu\\u00e9s de liberaci\\u00f3n de memoria en Adobe Flash Player en versiones anteriores a 23.0.0.205 en Windows y OS X y en versiones anteriores a 11.2.202.643 en Linux permite a atacantes remotos ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de vectores no especificados, seg\\u00fan se ha explotado activamente en octubre de 2016.\"}]",
      "id": "CVE-2016-7855",
      "lastModified": "2024-11-21T02:58:35.730",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2016-11-01T22:59:00.167",
      "references": "[{\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2119.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93861\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037111\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb16-36.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201610-10\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2119.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93861\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037111\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb16-36.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201610-10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "psirt@adobe.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-7855\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2016-11-01T22:59:00.167\",\"lastModified\":\"2025-10-22T00:15:56.243\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de memoria en Adobe Flash Player en versiones anteriores a 23.0.0.205 en Windows y OS X y en versiones anteriores a 11.2.202.643 en Linux permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, seg\u00fan se ha explotado activamente en octubre de 2016.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2022-03-03\",\"cisaActionDue\":\"2022-03-24\",\"cisaRequiredAction\":\"The impacted product is end-of-life and should be disconnected if still in use.\",\"cisaVulnerabilityName\":\"Adobe Flash Player Use-After-Free Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*\",\"versionEndIncluding\":\"23.0.0.185\",\"matchCriteriaId\":\"72678265-8BF8-4C66-B910-84E7C3961B18\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*\",\"versionEndIncluding\":\"23.0.0.185\",\"matchCriteriaId\":\"17EC9D4E-B2BE-413A-A682-03DFA8E93A6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*\",\"versionEndIncluding\":\"23.0.0.185\",\"matchCriteriaId\":\"E97950E9-801B-46B5-AF10-384ADE92C567\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21540673-614A-4D40-8BD7-3F07723803B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"232581CC-130A-4C62-A7E9-2EC9A9364D53\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6CE5198-C498-4672-AF4C-77AB4BE06C5C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:linux:*:*\",\"versionEndIncluding\":\"11.2.202.637\",\"matchCriteriaId\":\"AEAF53E4-99E9-4554-B79C-A84527B631CF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"23.0.0.185\",\"matchCriteriaId\":\"E43F3177-CF1C-41EF-8C6E-61177A79BEEA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"133AAFA7-AF42-4D7B-8822-AA2E85611BF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54D669D4-6D7E-449D-80C1-28FA44F06FFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0AC5CD5-6E58-433C-9EB3-6DFE5656463E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2119.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93861\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037111\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb16-36.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201610-10\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2119.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93861\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037111\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb16-36.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201610-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7855\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"n/a\", \"vendor\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2016-10-26T00:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.\"}], \"problemTypes\": [{\"descriptions\": [{\"description\": \"n/a\", \"lang\": \"en\", \"type\": \"text\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2018-10-12T19:57:01.000Z\", \"orgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"shortName\": \"adobe\"}, \"references\": [{\"name\": \"GLSA-201610-10\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"], \"url\": \"https://security.gentoo.org/glsa/201610-10\"}, {\"name\": \"MS16-128\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\"], \"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128\"}, {\"name\": \"1037111\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"], \"url\": \"http://www.securitytracker.com/id/1037111\"}, {\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb16-36.html\"}, {\"name\": \"RHSA-2016:2119\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"], \"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2119.html\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html\"}, {\"name\": \"93861\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"], \"url\": \"http://www.securityfocus.com/bid/93861\"}], \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"psirt@adobe.com\", \"ID\": \"CVE-2016-7855\", \"STATE\": \"PUBLIC\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"n/a\", \"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}}]}, \"vendor_name\": \"n/a\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"GLSA-201610-10\", \"refsource\": \"GENTOO\", \"url\": \"https://security.gentoo.org/glsa/201610-10\"}, {\"name\": \"MS16-128\", \"refsource\": \"MS\", \"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128\"}, {\"name\": \"1037111\", \"refsource\": \"SECTRACK\", \"url\": \"http://www.securitytracker.com/id/1037111\"}, {\"name\": \"https://helpx.adobe.com/security/products/flash-player/apsb16-36.html\", \"refsource\": \"CONFIRM\", \"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb16-36.html\"}, {\"name\": \"RHSA-2016:2119\", \"refsource\": \"REDHAT\", \"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2119.html\"}, {\"name\": \"https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html\", \"refsource\": \"MISC\", \"url\": \"https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html\"}, {\"name\": \"93861\", \"refsource\": \"BID\", \"url\": \"http://www.securityfocus.com/bid/93861\"}]}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T02:13:20.158Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"GLSA-201610-10\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"], \"url\": \"https://security.gentoo.org/glsa/201610-10\"}, {\"name\": \"MS16-128\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\", \"x_transferred\"], \"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128\"}, {\"name\": \"1037111\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"], \"url\": \"http://www.securitytracker.com/id/1037111\"}, {\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb16-36.html\"}, {\"name\": \"RHSA-2016:2119\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"], \"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2119.html\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html\"}, {\"name\": \"93861\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"], \"url\": \"http://www.securityfocus.com/bid/93861\"}]}, {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2016-7855\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T21:34:22.948384Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7855\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7855\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T21:34:29.980Z\"}, \"timeline\": [{\"time\": \"2022-03-03T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2016-7855 added to CISA KEV\"}], \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"assignerOrgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"assignerShortName\": \"adobe\", \"cveId\": \"CVE-2016-7855\", \"datePublished\": \"2016-11-01T22:46:00.000Z\", \"dateReserved\": \"2016-09-09T00:00:00.000Z\", \"dateUpdated\": \"2025-10-21T19:55:50.213Z\", \"state\": \"PUBLISHED\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2016-7855

Vulnerability from fkie_nvd - Published: 2016-11-01 22:59 - Updated: 2025-10-22 00:15

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@adobe.com	http://rhn.redhat.com/errata/RHSA-2016-2119.html	Third Party Advisory
psirt@adobe.com	http://www.securityfocus.com/bid/93861	Third Party Advisory, VDB Entry
psirt@adobe.com	http://www.securitytracker.com/id/1037111	Third Party Advisory, VDB Entry
psirt@adobe.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128	Patch, Vendor Advisory
psirt@adobe.com	https://helpx.adobe.com/security/products/flash-player/apsb16-36.html	Patch, Vendor Advisory
psirt@adobe.com	https://security.gentoo.org/glsa/201610-10	Third Party Advisory
psirt@adobe.com	https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2016-2119.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93861	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037111	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/flash-player/apsb16-36.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201610-10	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html	Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7855

Impacted products

Vendor	Product	Version
adobe	flash_player	*
apple	mac_os_x	-
google	chrome_os	-
linux	linux_kernel	-
microsoft	windows	-
adobe	flash_player	*
adobe	flash_player	*
microsoft	windows_10	-
microsoft	windows_10	1511
microsoft	windows_10	1607
microsoft	windows_8.1	-
microsoft	windows_rt_8.1	-
microsoft	windows_server_2012	-
microsoft	windows_server_2012	r2
adobe	flash_player	*
linux	linux_kernel	-
adobe	flash_player	*
apple	mac_os_x	-
microsoft	windows	-
redhat	enterprise_linux_desktop	5.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_server	5.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_workstation	5.0
redhat	enterprise_linux_workstation	6.0

JSON

To clipboard

{
  "cisaActionDue": "2022-03-24",
  "cisaExploitAdd": "2022-03-03",
  "cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
  "cisaVulnerabilityName": "Adobe Flash Player Use-After-Free Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*",
              "matchCriteriaId": "72678265-8BF8-4C66-B910-84E7C3961B18",
              "versionEndIncluding": "23.0.0.185",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*",
              "matchCriteriaId": "17EC9D4E-B2BE-413A-A682-03DFA8E93A6B",
              "versionEndIncluding": "23.0.0.185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*",
              "matchCriteriaId": "E97950E9-801B-46B5-AF10-384ADE92C567",
              "versionEndIncluding": "23.0.0.185",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
              "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:linux:*:*",
              "matchCriteriaId": "AEAF53E4-99E9-4554-B79C-A84527B631CF",
              "versionEndIncluding": "11.2.202.637",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43F3177-CF1C-41EF-8C6E-61177A79BEEA",
              "versionEndIncluding": "23.0.0.185",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de memoria en Adobe Flash Player en versiones anteriores a 23.0.0.205 en Windows y OS X y en versiones anteriores a 11.2.202.643 en Linux permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, seg\u00fan se ha explotado activamente en octubre de 2016."
    }
  ],
  "id": "CVE-2016-7855",
  "lastModified": "2025-10-22T00:15:56.243",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2016-11-01T22:59:00.167",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2119.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93861"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037111"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201610-10"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2119.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93861"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201610-10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7855"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GSD-2016-7855

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-7855

Aliases

CVE-2016-7855

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-7855",
    "description": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.",
    "id": "GSD-2016-7855",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-7855.html",
      "https://access.redhat.com/errata/RHSA-2016:2119",
      "https://advisories.mageia.org/CVE-2016-7855.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-7855"
      ],
      "details": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.",
      "id": "GSD-2016-7855",
      "modified": "2023-12-13T01:21:20.883295Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2016-7855",
      "dateAdded": "2022-03-03",
      "dueDate": "2022-03-24",
      "product": "Flash Player",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.",
      "vendorProject": "Adobe",
      "vulnerabilityName": "Adobe Flash Player Use-After-Free Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2016-7855",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "GLSA-201610-10",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201610-10"
          },
          {
            "name": "MS16-128",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128"
          },
          {
            "name": "1037111",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037111"
          },
          {
            "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html",
            "refsource": "CONFIRM",
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
          },
          {
            "name": "RHSA-2016:2119",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2119.html"
          },
          {
            "name": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html",
            "refsource": "MISC",
            "url": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html"
          },
          {
            "name": "93861",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93861"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "23.0.0.185",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "23.0.0.185",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "23.0.0.185",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:linux:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "11.2.202.637",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "23.0.0.185",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2016-7855"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html"
            },
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
            },
            {
              "name": "93861",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/93861"
            },
            {
              "name": "GLSA-201610-10",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201610-10"
            },
            {
              "name": "1037111",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1037111"
            },
            {
              "name": "RHSA-2016:2119",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2119.html"
            },
            {
              "name": "MS16-128",
              "refsource": "MS",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-05-16T17:14Z",
      "publishedDate": "2016-11-01T22:59Z"
    }
  }
}

CNVD-2016-10244

Vulnerability from cnvd - Published: 2016-10-29

Title

Adobe Flash Player内存错误引用远程代码执行漏洞（CNVD-2016-10244）

Description

Adobe Flash Player是一款跨平台、基于浏览器的多媒体播放器产品。 Adobe Flash Player在实现上存在内存错误引用远程代码执行漏洞。允许远程攻击者可利用该漏洞构建恶意SWF文件，诱使应用解析，可执行任意代码。

Severity

高

Patch Name

Adobe Flash Player内存错误引用远程代码执行漏洞（CNVD-2016-10244）的补丁

Patch Description

Adobe Flash Player是一款跨平台、基于浏览器的多媒体播放器产品。 Adobe Flash Player在实现上存在内存错误引用远程代码执行漏洞。允许远程攻击者可利用该漏洞构建恶意SWF文件，诱使应用解析，可执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://helpx.adobe.com/content/help/en/security/products/flash-player/apsb16-36.html

Reference

https://helpx.adobe.com/content/help/en/security/products/flash-player/apsb16-36.html

Impacted products

Name
['Adobe Flash Player Desktop Runtime <=23.0.0.185', 'Adobe Flash Player(on Windows/OS X) <=23.0.0.185', 'Adobe Flash Player(on Linux) <=11.2.202.637', 'Adobe Flash Player <=23.0.0.185']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93861"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-7855"
    }
  },
  "description": "Adobe Flash Player\u662f\u4e00\u6b3e\u8de8\u5e73\u53f0\u3001\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u591a\u5a92\u4f53\u64ad\u653e\u5668\u4ea7\u54c1\u3002\r\n\r\nAdobe Flash Player\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6784\u5efa\u6076\u610fSWF\u6587\u4ef6\uff0c\u8bf1\u4f7f\u5e94\u7528\u89e3\u6790\uff0c\u53ef\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Neel Mehta and Billy Leonard from Google\u0027s Threat Analysis Group.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://helpx.adobe.com/content/help/en/security/products/flash-player/apsb16-36.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-10244",
  "openTime": "2016-10-29",
  "patchDescription": "Adobe Flash Player\u662f\u4e00\u6b3e\u8de8\u5e73\u53f0\u3001\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u591a\u5a92\u4f53\u64ad\u653e\u5668\u4ea7\u54c1\u3002\r\n\r\nAdobe Flash Player\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6784\u5efa\u6076\u610fSWF\u6587\u4ef6\uff0c\u8bf1\u4f7f\u5e94\u7528\u89e3\u6790\uff0c\u53ef\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Flash Player\u5185\u5b58\u9519\u8bef\u5f15\u7528\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2016-10244\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe Flash Player Desktop Runtime \u003c=23.0.0.185",
      "Adobe Flash Player(on Windows/OS X) \u003c=23.0.0.185",
      "Adobe Flash Player(on Linux) \u003c=11.2.202.637",
      "Adobe Flash Player \u003c=23.0.0.185"
    ]
  },
  "referenceLink": "https://helpx.adobe.com/content/help/en/security/products/flash-player/apsb16-36.html",
  "serverity": "\u9ad8",
  "submitTime": "2016-10-28",
  "title": "Adobe Flash Player\u5185\u5b58\u9519\u8bef\u5f15\u7528\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2016-10244\uff09"
}

RHSA-2016_2119

Vulnerability from csaf_redhat - Published: 2016-10-27 04:16 - Updated: 2024-11-14 20:49

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.643. Security Fix(es): * This update fixes one vulnerability in Adobe Flash Player. This vulnerability, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-7855)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 11.2.202.643.\n\nSecurity Fix(es):\n\n* This update fixes one vulnerability in Adobe Flash Player. This vulnerability, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-7855)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2016:2119",
        "url": "https://access.redhat.com/errata/RHSA-2016:2119"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html",
        "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
      },
      {
        "category": "external",
        "summary": "1389033",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389033"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2119.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2024-11-14T20:49:50+00:00",
      "generator": {
        "date": "2024-11-14T20:49:50+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2016:2119",
      "initial_release_date": "2016-10-27T04:16:16+00:00",
      "revision_history": [
        {
          "date": "2016-10-27T04:16:16+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2016-10-27T04:16:16+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T20:49:50+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary-5.11.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary-5.11.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                  "product_id": "6Client-Supplementary-6.8.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                  "product_id": "6Server-Supplementary-6.8.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                  "product_id": "6Workstation-Supplementary-6.8.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:11.2.202.643-1.el5_11.i386",
                "product": {
                  "name": "flash-plugin-0:11.2.202.643-1.el5_11.i386",
                  "product_id": "flash-plugin-0:11.2.202.643-1.el5_11.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@11.2.202.643-1.el5_11?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:11.2.202.643-1.el6_8.i686",
                "product": {
                  "name": "flash-plugin-0:11.2.202.643-1.el6_8.i686",
                  "product_id": "flash-plugin-0:11.2.202.643-1.el6_8.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@11.2.202.643-1.el6_8?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:11.2.202.643-1.el5_11.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.643-1.el5_11.i386"
        },
        "product_reference": "flash-plugin-0:11.2.202.643-1.el5_11.i386",
        "relates_to_product_reference": "5Client-Supplementary-5.11.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:11.2.202.643-1.el5_11.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.643-1.el5_11.i386"
        },
        "product_reference": "flash-plugin-0:11.2.202.643-1.el5_11.i386",
        "relates_to_product_reference": "5Server-Supplementary-5.11.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:11.2.202.643-1.el6_8.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686"
        },
        "product_reference": "flash-plugin-0:11.2.202.643-1.el6_8.i686",
        "relates_to_product_reference": "6Client-Supplementary-6.8.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:11.2.202.643-1.el6_8.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686"
        },
        "product_reference": "flash-plugin-0:11.2.202.643-1.el6_8.i686",
        "relates_to_product_reference": "6Server-Supplementary-6.8.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:11.2.202.643-1.el6_8.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686"
        },
        "product_reference": "flash-plugin-0:11.2.202.643-1.el6_8.i686",
        "relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-7855",
      "discovery_date": "2016-10-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1389033"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: use-after-free issue fixed in APSB16-36",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.643-1.el5_11.i386",
          "5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.643-1.el5_11.i386",
          "6Client-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686",
          "6Server-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686",
          "6Workstation-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-7855"
        },
        {
          "category": "external",
          "summary": "RHBZ#1389033",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389033"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-7855",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-7855"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7855",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7855"
        },
        {
          "category": "external",
          "summary": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html",
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2016-10-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-10-27T04:16:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.643-1.el5_11.i386",
            "5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.643-1.el5_11.i386",
            "6Client-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686",
            "6Server-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686",
            "6Workstation-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2119"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.643-1.el5_11.i386",
            "5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.643-1.el5_11.i386",
            "6Client-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686",
            "6Server-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686",
            "6Workstation-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: use-after-free issue fixed in APSB16-36"
    }
  ]
}

RHSA-2016:2119

Vulnerability from csaf_redhat - Published: 2016-10-27 04:16 - Updated: 2025-11-21 17:58

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 11.2.202.643.\n\nSecurity Fix(es):\n\n* This update fixes one vulnerability in Adobe Flash Player. This vulnerability, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-7855)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2016:2119",
        "url": "https://access.redhat.com/errata/RHSA-2016:2119"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html",
        "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
      },
      {
        "category": "external",
        "summary": "1389033",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389033"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2119.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:58:05+00:00",
      "generator": {
        "date": "2025-11-21T17:58:05+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2016:2119",
      "initial_release_date": "2016-10-27T04:16:16+00:00",
      "revision_history": [
        {
          "date": "2016-10-27T04:16:16+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2016-10-27T04:16:16+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:58:05+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary-5.11.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary-5.11.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                  "product_id": "6Client-Supplementary-6.8.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                  "product_id": "6Server-Supplementary-6.8.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                  "product_id": "6Workstation-Supplementary-6.8.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:11.2.202.643-1.el5_11.i386",
                "product": {
                  "name": "flash-plugin-0:11.2.202.643-1.el5_11.i386",
                  "product_id": "flash-plugin-0:11.2.202.643-1.el5_11.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@11.2.202.643-1.el5_11?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:11.2.202.643-1.el6_8.i686",
                "product": {
                  "name": "flash-plugin-0:11.2.202.643-1.el6_8.i686",
                  "product_id": "flash-plugin-0:11.2.202.643-1.el6_8.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@11.2.202.643-1.el6_8?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:11.2.202.643-1.el5_11.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.643-1.el5_11.i386"
        },
        "product_reference": "flash-plugin-0:11.2.202.643-1.el5_11.i386",
        "relates_to_product_reference": "5Client-Supplementary-5.11.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:11.2.202.643-1.el5_11.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.643-1.el5_11.i386"
        },
        "product_reference": "flash-plugin-0:11.2.202.643-1.el5_11.i386",
        "relates_to_product_reference": "5Server-Supplementary-5.11.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:11.2.202.643-1.el6_8.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686"
        },
        "product_reference": "flash-plugin-0:11.2.202.643-1.el6_8.i686",
        "relates_to_product_reference": "6Client-Supplementary-6.8.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:11.2.202.643-1.el6_8.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686"
        },
        "product_reference": "flash-plugin-0:11.2.202.643-1.el6_8.i686",
        "relates_to_product_reference": "6Server-Supplementary-6.8.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:11.2.202.643-1.el6_8.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686"
        },
        "product_reference": "flash-plugin-0:11.2.202.643-1.el6_8.i686",
        "relates_to_product_reference": "6Workstation-Supplementary-6.8.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-7855",
      "discovery_date": "2016-10-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1389033"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: use-after-free issue fixed in APSB16-36",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.643-1.el5_11.i386",
          "5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.643-1.el5_11.i386",
          "6Client-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686",
          "6Server-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686",
          "6Workstation-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-7855"
        },
        {
          "category": "external",
          "summary": "RHBZ#1389033",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389033"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-7855",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-7855"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7855",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7855"
        },
        {
          "category": "external",
          "summary": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html",
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2016-10-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-10-27T04:16:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.643-1.el5_11.i386",
            "5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.643-1.el5_11.i386",
            "6Client-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686",
            "6Server-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686",
            "6Workstation-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2119"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "5Client-Supplementary-5.11.Z:flash-plugin-0:11.2.202.643-1.el5_11.i386",
            "5Server-Supplementary-5.11.Z:flash-plugin-0:11.2.202.643-1.el5_11.i386",
            "6Client-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686",
            "6Server-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686",
            "6Workstation-Supplementary-6.8.z:flash-plugin-0:11.2.202.643-1.el6_8.i686"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: use-after-free issue fixed in APSB16-36"
    }
  ]
}

CERTFR-2016-ALE-008

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité a été découverte dans Microsoft Windows. Elle permet à un attaquant de provoquer une élévation de privilèges.

Description

Le 31 octobre 2016, le groupe d'analyse de la menace de Google (Threat Analysis Group) a annoncé publiquement l'existence d'une vulnérabilité de type 0 jour permettant une élévation de privilèges dans le noyau de Windows (cf. section Documentation).
Celle-ci est activement exploitée, dans le cadre d'attaques ciblées, de manière conjointe avec la vulnérabilité CVE-2016-7855 affectant le Flash Player d'Adobe (cf. section Documentation).
Microsoft a publié un correctif le 8 novembre 2016, à l'occasion de leur mise à jour mensuelle.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation)

Microsoft Windows, toutes versions

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Annonce Microsoft du 01 novembre 2016	None	vendor-advisory
Avis CERT-FR CERTFR-2016-AVI-364 Adobe Flash Player	-	other
Avis CERT-FR CERTFR-2016-AVI-374 Microsoft Windows	-	other
Google Security Blog	-	other
Microsoft Device Guard	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eMicrosoft Windows, toutes versions\u003c/P\u003e",
  "closed_at": "2016-11-09",
  "content": "## Description\n\nLe 31 octobre 2016, le groupe d\u0027analyse de la menace de Google (Threat\nAnalysis Group) a annonc\u00e9 publiquement l\u0027existence d\u0027une vuln\u00e9rabilit\u00e9\nde type 0 jour permettant une \u00e9l\u00e9vation de privil\u00e8ges dans le noyau de\nWindows (cf. section Documentation).  \nCelle-ci est activement exploit\u00e9e, dans le cadre d\u0027attaques cibl\u00e9es, de\nmani\u00e8re conjointe avec la vuln\u00e9rabilit\u00e9 CVE-2016-7855 affectant le Flash\nPlayer d\u0027Adobe (cf. section Documentation).  \nMicrosoft a publi\u00e9 un correctif le 8 novembre 2016, \u00e0 l\u0027occasion de leur\nmise \u00e0 jour mensuelle.  \n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation)\n",
  "cves": [
    {
      "name": "CVE-2016-7855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7855"
    },
    {
      "name": "CVE-2016-7255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7255"
    }
  ],
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2016-AVI-364 Adobe Flash Player",
      "url": "http://www.cert.ssi.gouv.fr/site/CERTFR-2016-AVI-364/index.html"
    },
    {
      "title": "Avis CERT-FR CERTFR-2016-AVI-374 Microsoft Windows",
      "url": "http://www.cert.ssi.gouv.fr/site/CERTFR-2016-AVI-374/index.html"
    },
    {
      "title": "Google Security Blog",
      "url": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html"
    },
    {
      "title": "Microsoft Device Guard",
      "url": "https://technet.microsoft.com/en-us/itpro/windows/keep-secure/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies"
    }
  ],
  "reference": "CERTFR-2016-ALE-008",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-11-02T00:00:00.000000"
    },
    {
      "description": "cl\u00f4ture de l\u0027alerte.",
      "revision_date": "2016-11-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eMicrosoft\nWindows\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonce Microsoft du 01 novembre 2016",
      "url": "https://blogs.technet.microsoft.com/mmpc/2016/11/01/our-commitment-to-our-customers-security/"
    }
  ]
}

CERTFR-2016-ALE-008

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité a été découverte dans Microsoft Windows. Elle permet à un attaquant de provoquer une élévation de privilèges.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation)

Microsoft Windows, toutes versions

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Annonce Microsoft du 01 novembre 2016	None	vendor-advisory
Avis CERT-FR CERTFR-2016-AVI-364 Adobe Flash Player	-	other
Avis CERT-FR CERTFR-2016-AVI-374 Microsoft Windows	-	other
Google Security Blog	-	other
Microsoft Device Guard	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eMicrosoft Windows, toutes versions\u003c/P\u003e",
  "closed_at": "2016-11-09",
  "content": "## Description\n\nLe 31 octobre 2016, le groupe d\u0027analyse de la menace de Google (Threat\nAnalysis Group) a annonc\u00e9 publiquement l\u0027existence d\u0027une vuln\u00e9rabilit\u00e9\nde type 0 jour permettant une \u00e9l\u00e9vation de privil\u00e8ges dans le noyau de\nWindows (cf. section Documentation).  \nCelle-ci est activement exploit\u00e9e, dans le cadre d\u0027attaques cibl\u00e9es, de\nmani\u00e8re conjointe avec la vuln\u00e9rabilit\u00e9 CVE-2016-7855 affectant le Flash\nPlayer d\u0027Adobe (cf. section Documentation).  \nMicrosoft a publi\u00e9 un correctif le 8 novembre 2016, \u00e0 l\u0027occasion de leur\nmise \u00e0 jour mensuelle.  \n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation)\n",
  "cves": [
    {
      "name": "CVE-2016-7855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7855"
    },
    {
      "name": "CVE-2016-7255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7255"
    }
  ],
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2016-AVI-364 Adobe Flash Player",
      "url": "http://www.cert.ssi.gouv.fr/site/CERTFR-2016-AVI-364/index.html"
    },
    {
      "title": "Avis CERT-FR CERTFR-2016-AVI-374 Microsoft Windows",
      "url": "http://www.cert.ssi.gouv.fr/site/CERTFR-2016-AVI-374/index.html"
    },
    {
      "title": "Google Security Blog",
      "url": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html"
    },
    {
      "title": "Microsoft Device Guard",
      "url": "https://technet.microsoft.com/en-us/itpro/windows/keep-secure/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies"
    }
  ],
  "reference": "CERTFR-2016-ALE-008",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-11-02T00:00:00.000000"
    },
    {
      "description": "cl\u00f4ture de l\u0027alerte.",
      "revision_date": "2016-11-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eMicrosoft\nWindows\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonce Microsoft du 01 novembre 2016",
      "url": "https://blogs.technet.microsoft.com/mmpc/2016/11/01/our-commitment-to-our-customers-security/"
    }
  ]
}

SUSE-SU-2016:2662-1

Vulnerability from csaf_suse - Published: 2016-10-27 12:26 - Updated: 2016-10-27 12:26

Summary

Security update for flash-player

Notes

Title of the patch

Security update for flash-player

Description of the patch

This update for flash-player to version 11.2.202.643 fixes one security issue. This security issue was fixed: - CVE-2016-7855: Use-after-free vulnerability that could lead to code execution (bsc#1007098).

Patchnames

SUSE-SLE-DESKTOP-12-SP1-2016-1566,SUSE-SLE-WE-12-SP1-2016-1566

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for flash-player",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for flash-player to version 11.2.202.643 fixes one security issue.\n\t  \nThis security issue was fixed:\n\n- CVE-2016-7855: Use-after-free vulnerability that could lead to code execution (bsc#1007098).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-DESKTOP-12-SP1-2016-1566,SUSE-SLE-WE-12-SP1-2016-1566",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2662-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2016:2662-1",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162662-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2016:2662-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-October/002372.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1007098",
        "url": "https://bugzilla.suse.com/1007098"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-7855 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-7855/"
      }
    ],
    "title": "Security update for flash-player",
    "tracking": {
      "current_release_date": "2016-10-27T12:26:23Z",
      "generator": {
        "date": "2016-10-27T12:26:23Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2016:2662-1",
      "initial_release_date": "2016-10-27T12:26:23Z",
      "revision_history": [
        {
          "date": "2016-10-27T12:26:23Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-player-11.2.202.643-146.1.x86_64",
                "product": {
                  "name": "flash-player-11.2.202.643-146.1.x86_64",
                  "product_id": "flash-player-11.2.202.643-146.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "flash-player-gnome-11.2.202.643-146.1.x86_64",
                "product": {
                  "name": "flash-player-gnome-11.2.202.643-146.1.x86_64",
                  "product_id": "flash-player-gnome-11.2.202.643-146.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Workstation Extension 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Workstation Extension 12 SP1",
                  "product_id": "SUSE Linux Enterprise Workstation Extension 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-we:12:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-player-11.2.202.643-146.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP1:flash-player-11.2.202.643-146.1.x86_64"
        },
        "product_reference": "flash-player-11.2.202.643-146.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-player-gnome-11.2.202.643-146.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-11.2.202.643-146.1.x86_64"
        },
        "product_reference": "flash-player-gnome-11.2.202.643-146.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-player-11.2.202.643-146.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP1",
          "product_id": "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-11.2.202.643-146.1.x86_64"
        },
        "product_reference": "flash-player-11.2.202.643-146.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-player-gnome-11.2.202.643-146.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP1",
          "product_id": "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-11.2.202.643-146.1.x86_64"
        },
        "product_reference": "flash-player-gnome-11.2.202.643-146.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-7855",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-7855"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:flash-player-11.2.202.643-146.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-11.2.202.643-146.1.x86_64",
          "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-11.2.202.643-146.1.x86_64",
          "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-11.2.202.643-146.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-7855",
          "url": "https://www.suse.com/security/cve/CVE-2016-7855"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007098 for CVE-2016-7855",
          "url": "https://bugzilla.suse.com/1007098"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:flash-player-11.2.202.643-146.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-11.2.202.643-146.1.x86_64",
            "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-11.2.202.643-146.1.x86_64",
            "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-11.2.202.643-146.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:flash-player-11.2.202.643-146.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:flash-player-gnome-11.2.202.643-146.1.x86_64",
            "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-11.2.202.643-146.1.x86_64",
            "SUSE Linux Enterprise Workstation Extension 12 SP1:flash-player-gnome-11.2.202.643-146.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-10-27T12:26:23Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-7855"
    }
  ]
}

GHSA-FQ8G-M89M-MRW9

Vulnerability from github – Published: 2022-05-14 01:01 – Updated: 2025-10-22 00:31

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-7855"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-11-01T22:59:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.",
  "id": "GHSA-fq8g-m89m-mrw9",
  "modified": "2025-10-22T00:31:17Z",
  "published": "2022-05-14T01:01:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7855"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201610-10"
    },
    {
      "type": "WEB",
      "url": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7855"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2119.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93861"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037111"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2016-AVI-364

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Adobe Flash Player. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Adobe indique que cette vulnérabilité est activement exploitée dans le cadre d'attaques ciblées.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player pour Linux versions antérieures à 11.2.202.643 sur Linux
Adobe	N/A	Adobe Flash Player Desktop Runtime versions antérieures à 23.0.0.205 sur Windows et Macintosh
Adobe	N/A	Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions antérieures à 23.0.0.205 sur Windows 10 et 8.1
Adobe	N/A	Adobe Flash Player pour Google Chrome versions antérieures à 23.0.0.205 sur Windows, Macintosh, Linux et Chrome OS

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe apsb16-36 du 26 octobre 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player pour Linux versions ant\u00e9rieures \u00e0 11.2.202.643 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Desktop Runtime versions ant\u00e9rieures \u00e0 23.0.0.205 sur Windows et Macintosh",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions ant\u00e9rieures \u00e0 23.0.0.205 sur Windows 10 et 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Google Chrome versions ant\u00e9rieures \u00e0 23.0.0.205 sur Windows, Macintosh, Linux et Chrome OS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-7855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7855"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-364",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-10-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eAdobe Flash\nPlayer\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance.  \nAdobe indique que cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e dans le\ncadre d\u0027attaques cibl\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb16-36 du 26 octobre 2016",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
    }
  ]
}

CERTFR-2016-AVI-364

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player pour Linux versions antérieures à 11.2.202.643 sur Linux
Adobe	N/A	Adobe Flash Player Desktop Runtime versions antérieures à 23.0.0.205 sur Windows et Macintosh
Adobe	N/A	Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions antérieures à 23.0.0.205 sur Windows 10 et 8.1
Adobe	N/A	Adobe Flash Player pour Google Chrome versions antérieures à 23.0.0.205 sur Windows, Macintosh, Linux et Chrome OS

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe apsb16-36 du 26 octobre 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player pour Linux versions ant\u00e9rieures \u00e0 11.2.202.643 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Desktop Runtime versions ant\u00e9rieures \u00e0 23.0.0.205 sur Windows et Macintosh",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions ant\u00e9rieures \u00e0 23.0.0.205 sur Windows 10 et 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Google Chrome versions ant\u00e9rieures \u00e0 23.0.0.205 sur Windows, Macintosh, Linux et Chrome OS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-7855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7855"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-364",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-10-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eAdobe Flash\nPlayer\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance.  \nAdobe indique que cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e dans le\ncadre d\u0027attaques cibl\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb16-36 du 26 octobre 2016",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-7855 (GCVE-0-2016-7855)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Description

Solution

Description

Solution

Solution

Solution

Tags

Sightings

Nomenclature