CVE-2016-7892
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- September 09, 2016
- Published Date
- December 15, 2016
- Last Updated
- February 04, 2025
- Vendor
- n/a
- Product
- Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier
- Description
- Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.
CVSS Scores
CVSS v3.1
8.8 - HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Technical Impact
- total
Exploit Status
- Exploited in the Wild
- Yes (added 2022-03-25 00:00:00 UTC) Source
References
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154
https://security.gentoo.org/glsa/201701-17
http://www.securitytracker.com/id/1037442
http://rhn.redhat.com/errata/RHSA-2016-2947.html
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
http://www.securityfocus.com/bid/94877
http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-03-25 00:00:00 UTC |