CVE-2016-7877
Published on: 12/15/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:07 PM UTC
Certain versions of Flash Player from Adobe contain the following vulnerability:
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0). Successful exploitation could lead to arbitrary code execution.
- CVE-2016-7877 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.
CVSS3 Score: 9.8 - CRITICAL
Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|---|---|---|---|
NETWORK | LOW | NONE | NONE | UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 10 - HIGH
Access Vector | Access Complexity | Authentication | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|---|---|
NETWORK | LOW | NONE | COMPLETE | COMPLETE | COMPLETE |
CVE References
Description | Tags | Link |
---|---|---|
Adobe Flash Player: Multiple vulnerabilities (GLSA 201701-17) — Gentoo security | | security.gentoo.org text/html |
[security-announce] SUSE-SU-2016:3148-1: critical: Security update for f | | lists.opensuse.org text/html |
Adobe Flash Player APSB16-39 Multiple Unspecified Remote Code Execution Vulnerabilities | Third Party Advisory, VDB Entry | cve.report (archive) text/html |
Adobe Security Bulletin | Patch, Vendor Advisory | helpx.adobe.com text/html |
Red Hat Customer Portal | | web.archive.org text/html (inactive link, not archived) |
Microsoft Security Bulletin MS16-154 - Critical \| Microsoft Docs | | docs.microsoft.com text/html |
Adobe Flash Player Multiple Bugs Let Remote Users Bypass Security Restrictions and Execute Arbitrary Code - SecurityTracker | Third Party Advisory, VDB Entry | www.securitytracker.com text/html |
openSUSE-SU-2016:3160-1: moderate: Security update for flash-player | | lists.opensuse.org text/html |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Adobe | Flash Player | 23.0.0.207 | All | All | All |
Application | Adobe | Flash Player | All | All | All | All |
Application | Adobe | Flash Player For Linux | All | All | All | All |
Operating System | Apple | Mac Os X | All | All | All | All |
Operating System | Google | Chrome Os | All | All | All | All |
Operating System | Linux | Linux Kernel | All | All | All | All |
Operating System | Microsoft | Windows | All | All | All | All |
Operating System | Microsoft | Windows 10 | All | All | All | All |
Operating System | Microsoft | Windows 8.1 | All | All | All | All |
- cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:chrome:*:*
- cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:edge:*:*
- cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:internet_explorer:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
No vendor comments have been submitted for this CVE