CVE-2016-7865

EPSS 11.16%
Published 08.11.2016 17:59:10
Last modified 12.04.2025 10:46:40
Source psirt@adobe.com
Teams watchlist Login
Open Login

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

Affected products Warnungen 0 Metrics 3 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Flash Player Version <= 23.0.0.205

Apple ≫ macOS X Version-
Microsoft ≫ Windows Version-

Adobe ≫ Flash Player SwPlatformedge Version <= 23.0.0.205

   Microsoft ≫ Windows 10 Version-
   Microsoft ≫ Windows 10 Version1511
   Microsoft ≫ Windows 10 Version1607
   Microsoft ≫ Windows 8.1 Version-
   Microsoft ≫ Windows Rt 8.1 Version-
   Microsoft ≫ Windows Server 2012 Version-
   Microsoft ≫ Windows Server 2012 Versionr2
   Microsoft ≫ Windows Server 2016 Version- HwPlatformx64

Adobe ≫ Flash Player SwPlatforminternet_explorer Version <= 23.0.0.205

Adobe ≫ Flash Player SwPlatformchrome Version <= 23.0.0.205

   Apple ≫ macOS X Version-
   Google ≫ Chrome Os Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-

Adobe ≫ Flash Player For Linux Version <= 11.2.202.643

Linux ≫ Linux Kernel Version-

Redhat ≫ Enterprise Linux Desktop Version5.0

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Server Version5.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Workstation Version5.0

Redhat ≫ Enterprise Linux Workstation Version6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	11.16%	0.932

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-704 Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

http://rhn.redhat.com/errata/RHSA-2016-2676.html

Third Party Advisory

http://www.securitytracker.com/id/1037240

Third Party Advisory

VDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141

Patch

Vendor Advisory

https://helpx.adobe.com/security/products/flash-player/apsb16-37.html

Patch

Vendor Advisory

https://security.gentoo.org/glsa/201611-18

Third Party Advisory

http://www.securityfocus.com/bid/94151

Third Party Advisory

VDB Entry

http://www.zerodayinitiative.com/advisories/ZDI-16-598

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-7865

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-7865

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-7865

EUVD