
CVE-2016-7855

Published: 01/11/2016 Updated: 16/05/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Use-after-free vulnerability in Adobe Flash Player prior to 23.0.0.205 on Windows and OS X and prior to 11.2.202.643 on Linux allows remote malicious users to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.

Vulnerable Product

adobe flash_player

redhat enterprise linux desktop 6.0

redhat enterprise linux desktop 5.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server 5.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 5.0

Vendor Advisories

Synopsis: Critical: flash-plugin security update. Type/Severity: Security Advisory: Critical. Topic: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Cr ...
Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016 ...
A use-after-free vulnerability leading to code execution has been found in Adobe Flash Player ...

Github Repositories

CheckFlashPlayerVersion: Check the browser's Flash Player version to see if it is vulnerable to CVE-2016-7855.

Usage: Clone this repository and then open the HTML file in the browser where you want to check the Flash Player version.

Recent Articles

Microsoft flips Google the bird after Windows kernel bug blurt
The Register • Kieren McCarthy in San Francisco • 01 Nov 2016

Security flaw will be fixed next week, says Redmond exec

Microsoft has not responded well to Google's bug grenade, accusing the ad giant of screwing over netizens and getting its facts wrong. "We believe in coordinated vulnerability disclosure, and today's disclosure by Google puts customers at potential risk," Microsoft said in a statement. It then disputed Google's claims about the seriousness of the hole. "We disagree with Google's characterization of a local elevation of privilege as 'critical' and 'particularly serious,' since the attack scenario...

Google drops a zero-day on Microsoft: Web giant goes public with bug exploited by hackers
The Register • Richard Chirgwin • 31 Oct 2016

Even Adobe pushed its patch faster than Windows giant

Google has slung a grenade at Microsoft by disclosing a Windows vulnerability before Redmond has a patch ready. The bug can be exploited by malware on a machine to gain administrator-level access. According to this blog post by Neel Mehta and Billy Leonard of the Chocolate Factory's Threat Analysis Group, the reason for going public is simple: they've seen exploits for the bug in the wild so something has to be done now, like right now. Google describes the vulnerability, CVE-2016-7855, as: The ...

Adobe emits emergency patch for Flash hole malware is exploiting right this minute
The Register • Shaun Nichols in San Francisco • 26 Oct 2016

Windows folks – how can we say this? UPDATE ASAP

Adobe is advising folks to update Flash Player – as malware is right now exploiting a newly discovered hole in the internet's screen door to hijack Windows PCs. The emergency patch addresses a single vulnerability, CVE-2016-7855. The use-after-free() programming blunder allows an attacker to achieve remote code execution when the user views a specially crafted Flash media file. The vulnerability was discovered and reported to Adobe by Neel Mehta and Billy Leonard from the Google Threat Analysi...