Vulnerability-Lookup

CVE-2016-7855 (GCVE-0-2016-7855)

Vulnerability from cvelistv5 – Published: 2016-11-01 22:46 – Updated: 2025-10-21 23:55

Summary

Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Assigner

adobe

References

URL

Tags

	https://security.gentoo.org/glsa/201610-10	vendor-advisoryx_refsource_GENTOO
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securitytracker.com/id/1037111	vdb-entryx_refsource_SECTRACK
	https://helpx.adobe.com/security/products/flash-p…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2119.html	vendor-advisoryx_refsource_REDHAT
	https://security.googleblog.com/2016/10/disclosin…	x_refsource_MISC
	http://www.securityfocus.com/bid/93861	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:13:20.158Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201610-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201610-10"
          },
          {
            "name": "MS16-128",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128"
          },
          {
            "name": "1037111",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037111"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
          },
          {
            "name": "RHSA-2016:2119",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2119.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html"
          },
          {
            "name": "93861",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93861"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2016-7855",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T21:34:22.948384Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7855"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:55:49.007Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7855"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-03T00:00:00.000Z",
            "value": "CVE-2016-7855 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "GLSA-201610-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201610-10"
        },
        {
          "name": "MS16-128",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128"
        },
        {
          "name": "1037111",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037111"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
        },
        {
          "name": "RHSA-2016:2119",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2119.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html"
        },
        {
          "name": "93861",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93861"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2016-7855",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201610-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201610-10"
            },
            {
              "name": "MS16-128",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128"
            },
            {
              "name": "1037111",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037111"
            },
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
            },
            {
              "name": "RHSA-2016:2119",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2119.html"
            },
            {
              "name": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html",
              "refsource": "MISC",
              "url": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html"
            },
            {
              "name": "93861",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93861"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2016-7855",
    "datePublished": "2016-11-01T22:46:00.000Z",
    "dateReserved": "2016-09-09T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:55:49.007Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2016-7855",
      "cwes": "[\"CWE-416\"]",
      "dateAdded": "2022-03-03",
      "dueDate": "2022-03-24",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2016-7855",
      "product": "Flash Player",
      "requiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
      "shortDescription": "Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.",
      "vendorProject": "Adobe",
      "vulnerabilityName": "Adobe Flash Player Use-After-Free Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.gentoo.org/glsa/201610-10\", \"name\": \"GLSA-201610-10\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128\", \"name\": \"MS16-128\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1037111\", \"name\": \"1037111\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb16-36.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2119.html\", \"name\": \"RHSA-2016:2119\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/93861\", \"name\": \"93861\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T02:13:20.158Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2016-7855\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T21:34:22.948384Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7855\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-03-03T00:00:00.000Z\", \"value\": \"CVE-2016-7855 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7855\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T21:34:29.980Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2016-10-26T00:00:00.000Z\", \"references\": [{\"url\": \"https://security.gentoo.org/glsa/201610-10\", \"name\": \"GLSA-201610-10\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128\", \"name\": \"MS16-128\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\"]}, {\"url\": \"http://www.securitytracker.com/id/1037111\", \"name\": \"1037111\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb16-36.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2119.html\", \"name\": \"RHSA-2016:2119\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.securityfocus.com/bid/93861\", \"name\": \"93861\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"shortName\": \"adobe\", \"dateUpdated\": \"2018-10-12T19:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://security.gentoo.org/glsa/201610-10\", \"name\": \"GLSA-201610-10\", \"refsource\": \"GENTOO\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128\", \"name\": \"MS16-128\", \"refsource\": \"MS\"}, {\"url\": \"http://www.securitytracker.com/id/1037111\", \"name\": \"1037111\", \"refsource\": \"SECTRACK\"}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb16-36.html\", \"name\": \"https://helpx.adobe.com/security/products/flash-player/apsb16-36.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2119.html\", \"name\": \"RHSA-2016:2119\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html\", \"name\": \"https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.securityfocus.com/bid/93861\", \"name\": \"93861\", \"refsource\": \"BID\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2016-7855\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@adobe.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2016-7855\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:55:49.007Z\", \"dateReserved\": \"2016-09-09T00:00:00.000Z\", \"assignerOrgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"datePublished\": \"2016-11-01T22:46:00.000Z\", \"assignerShortName\": \"adobe\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2016-AVI-364

Vulnerability from certfr_avis - Published: 2016-10-27 - Updated: 2016-10-27

Une vulnérabilité a été corrigée dans Adobe Flash Player. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Adobe indique que cette vulnérabilité est activement exploitée dans le cadre d'attaques ciblées.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player pour Linux versions antérieures à 11.2.202.643 sur Linux
Adobe	N/A	Adobe Flash Player Desktop Runtime versions antérieures à 23.0.0.205 sur Windows et Macintosh
Adobe	N/A	Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions antérieures à 23.0.0.205 sur Windows 10 et 8.1
Adobe	N/A	Adobe Flash Player pour Google Chrome versions antérieures à 23.0.0.205 sur Windows, Macintosh, Linux et Chrome OS

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe apsb16-36 du 26 octobre 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player pour Linux versions ant\u00e9rieures \u00e0 11.2.202.643 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Desktop Runtime versions ant\u00e9rieures \u00e0 23.0.0.205 sur Windows et Macintosh",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions ant\u00e9rieures \u00e0 23.0.0.205 sur Windows 10 et 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Google Chrome versions ant\u00e9rieures \u00e0 23.0.0.205 sur Windows, Macintosh, Linux et Chrome OS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-7855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7855"
    }
  ],
  "initial_release_date": "2016-10-27T00:00:00",
  "last_revision_date": "2016-10-27T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-364",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-10-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eAdobe Flash\nPlayer\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance.  \nAdobe indique que cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e dans le\ncadre d\u0027attaques cibl\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb16-36 du 26 octobre 2016",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
    }
  ]
}

CERTFR-2016-ALE-008

Vulnerability from certfr_alerte - Published: 2016-11-02 - Updated: 2016-11-09

Une vulnérabilité a été découverte dans Microsoft Windows. Elle permet à un attaquant de provoquer une élévation de privilèges.

Description

Le 31 octobre 2016, le groupe d'analyse de la menace de Google (Threat Analysis Group) a annoncé publiquement l'existence d'une vulnérabilité de type 0 jour permettant une élévation de privilèges dans le noyau de Windows (cf. section Documentation).
Celle-ci est activement exploitée, dans le cadre d'attaques ciblées, de manière conjointe avec la vulnérabilité CVE-2016-7855 affectant le Flash Player d'Adobe (cf. section Documentation).
Microsoft a publié un correctif le 8 novembre 2016, à l'occasion de leur mise à jour mensuelle.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation)

Microsoft Windows, toutes versions

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Annonce Microsoft du 01 novembre 2016	None	vendor-advisory
Avis CERT-FR CERTFR-2016-AVI-364 Adobe Flash Player	-	other
Avis CERT-FR CERTFR-2016-AVI-374 Microsoft Windows	-	other
Google Security Blog	-	other
Microsoft Device Guard	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eMicrosoft Windows, toutes versions\u003c/P\u003e",
  "closed_at": "2016-11-09",
  "content": "## Description\n\nLe 31 octobre 2016, le groupe d\u0027analyse de la menace de Google (Threat\nAnalysis Group) a annonc\u00e9 publiquement l\u0027existence d\u0027une vuln\u00e9rabilit\u00e9\nde type 0 jour permettant une \u00e9l\u00e9vation de privil\u00e8ges dans le noyau de\nWindows (cf. section Documentation).  \nCelle-ci est activement exploit\u00e9e, dans le cadre d\u0027attaques cibl\u00e9es, de\nmani\u00e8re conjointe avec la vuln\u00e9rabilit\u00e9 CVE-2016-7855 affectant le Flash\nPlayer d\u0027Adobe (cf. section Documentation).  \nMicrosoft a publi\u00e9 un correctif le 8 novembre 2016, \u00e0 l\u0027occasion de leur\nmise \u00e0 jour mensuelle.  \n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation)\n",
  "cves": [
    {
      "name": "CVE-2016-7855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7855"
    },
    {
      "name": "CVE-2016-7255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7255"
    }
  ],
  "initial_release_date": "2016-11-02T00:00:00",
  "last_revision_date": "2016-11-09T00:00:00",
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2016-AVI-364 Adobe Flash Player",
      "url": "http://www.cert.ssi.gouv.fr/site/CERTFR-2016-AVI-364/index.html"
    },
    {
      "title": "Avis CERT-FR CERTFR-2016-AVI-374 Microsoft Windows",
      "url": "http://www.cert.ssi.gouv.fr/site/CERTFR-2016-AVI-374/index.html"
    },
    {
      "title": "Google Security Blog",
      "url": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html"
    },
    {
      "title": "Microsoft Device Guard",
      "url": "https://technet.microsoft.com/en-us/itpro/windows/keep-secure/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies"
    }
  ],
  "reference": "CERTFR-2016-ALE-008",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-11-02T00:00:00.000000"
    },
    {
      "description": "cl\u00f4ture de l\u0027alerte.",
      "revision_date": "2016-11-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eMicrosoft\nWindows\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonce Microsoft du 01 novembre 2016",
      "url": "https://blogs.technet.microsoft.com/mmpc/2016/11/01/our-commitment-to-our-customers-security/"
    }
  ]
}

GHSA-FQ8G-M89M-MRW9

Vulnerability from github – Published: 2022-05-14 01:01 – Updated: 2025-10-22 00:31

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-7855"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-11-01T22:59:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.",
  "id": "GHSA-fq8g-m89m-mrw9",
  "modified": "2025-10-22T00:31:17Z",
  "published": "2022-05-14T01:01:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7855"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201610-10"
    },
    {
      "type": "WEB",
      "url": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7855"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2119.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93861"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037111"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-7855

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-7855

Aliases

CVE-2016-7855

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-7855",
    "description": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.",
    "id": "GSD-2016-7855",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-7855.html",
      "https://access.redhat.com/errata/RHSA-2016:2119",
      "https://advisories.mageia.org/CVE-2016-7855.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-7855"
      ],
      "details": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.",
      "id": "GSD-2016-7855",
      "modified": "2023-12-13T01:21:20.883295Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2016-7855",
      "dateAdded": "2022-03-03",
      "dueDate": "2022-03-24",
      "product": "Flash Player",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.",
      "vendorProject": "Adobe",
      "vulnerabilityName": "Adobe Flash Player Use-After-Free Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2016-7855",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "GLSA-201610-10",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201610-10"
          },
          {
            "name": "MS16-128",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128"
          },
          {
            "name": "1037111",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037111"
          },
          {
            "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html",
            "refsource": "CONFIRM",
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
          },
          {
            "name": "RHSA-2016:2119",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2119.html"
          },
          {
            "name": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html",
            "refsource": "MISC",
            "url": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html"
          },
          {
            "name": "93861",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93861"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "23.0.0.185",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "23.0.0.185",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "23.0.0.185",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:linux:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "11.2.202.637",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "23.0.0.185",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2016-7855"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html"
            },
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
            },
            {
              "name": "93861",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/93861"
            },
            {
              "name": "GLSA-201610-10",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201610-10"
            },
            {
              "name": "1037111",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1037111"
            },
            {
              "name": "RHSA-2016:2119",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2119.html"
            },
            {
              "name": "MS16-128",
              "refsource": "MS",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-05-16T17:14Z",
      "publishedDate": "2016-11-01T22:59Z"
    }
  }
}

FKIE_CVE-2016-7855

Vulnerability from fkie_nvd - Published: 2016-11-01 22:59 - Updated: 2025-10-22 00:15

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@adobe.com	http://rhn.redhat.com/errata/RHSA-2016-2119.html	Third Party Advisory
psirt@adobe.com	http://www.securityfocus.com/bid/93861	Third Party Advisory, VDB Entry
psirt@adobe.com	http://www.securitytracker.com/id/1037111	Third Party Advisory, VDB Entry
psirt@adobe.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128	Patch, Vendor Advisory
psirt@adobe.com	https://helpx.adobe.com/security/products/flash-player/apsb16-36.html	Patch, Vendor Advisory
psirt@adobe.com	https://security.gentoo.org/glsa/201610-10	Third Party Advisory
psirt@adobe.com	https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2016-2119.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93861	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037111	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/flash-player/apsb16-36.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201610-10	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html	Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7855

Impacted products

Vendor	Product	Version
adobe	flash_player	*
apple	mac_os_x	-
google	chrome_os	-
linux	linux_kernel	-
microsoft	windows	-
adobe	flash_player	*
adobe	flash_player	*
microsoft	windows_10	-
microsoft	windows_10	1511
microsoft	windows_10	1607
microsoft	windows_8.1	-
microsoft	windows_rt_8.1	-
microsoft	windows_server_2012	-
microsoft	windows_server_2012	r2
adobe	flash_player	*
linux	linux_kernel	-
adobe	flash_player	*
apple	mac_os_x	-
microsoft	windows	-
redhat	enterprise_linux_desktop	5.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_server	5.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_workstation	5.0
redhat	enterprise_linux_workstation	6.0

JSON

To clipboard

{
  "cisaActionDue": "2022-03-24",
  "cisaExploitAdd": "2022-03-03",
  "cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
  "cisaVulnerabilityName": "Adobe Flash Player Use-After-Free Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*",
              "matchCriteriaId": "72678265-8BF8-4C66-B910-84E7C3961B18",
              "versionEndIncluding": "23.0.0.185",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*",
              "matchCriteriaId": "17EC9D4E-B2BE-413A-A682-03DFA8E93A6B",
              "versionEndIncluding": "23.0.0.185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*",
              "matchCriteriaId": "E97950E9-801B-46B5-AF10-384ADE92C567",
              "versionEndIncluding": "23.0.0.185",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
              "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:linux:*:*",
              "matchCriteriaId": "AEAF53E4-99E9-4554-B79C-A84527B631CF",
              "versionEndIncluding": "11.2.202.637",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43F3177-CF1C-41EF-8C6E-61177A79BEEA",
              "versionEndIncluding": "23.0.0.185",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de memoria en Adobe Flash Player en versiones anteriores a 23.0.0.205 en Windows y OS X y en versiones anteriores a 11.2.202.643 en Linux permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, seg\u00fan se ha explotado activamente en octubre de 2016."
    }
  ],
  "id": "CVE-2016-7855",
  "lastModified": "2025-10-22T00:15:56.243",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2016-11-01T22:59:00.167",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2119.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93861"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037111"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201610-10"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2119.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93861"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-36.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201610-10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7855"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CNVD-2016-10244

Vulnerability from cnvd - Published: 2016-10-29

Title

Adobe Flash Player内存错误引用远程代码执行漏洞（CNVD-2016-10244）

Description

Adobe Flash Player是一款跨平台、基于浏览器的多媒体播放器产品。 Adobe Flash Player在实现上存在内存错误引用远程代码执行漏洞。允许远程攻击者可利用该漏洞构建恶意SWF文件，诱使应用解析，可执行任意代码。

Severity

高

Patch Name

Adobe Flash Player内存错误引用远程代码执行漏洞（CNVD-2016-10244）的补丁

Patch Description

Adobe Flash Player是一款跨平台、基于浏览器的多媒体播放器产品。 Adobe Flash Player在实现上存在内存错误引用远程代码执行漏洞。允许远程攻击者可利用该漏洞构建恶意SWF文件，诱使应用解析，可执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://helpx.adobe.com/content/help/en/security/products/flash-player/apsb16-36.html

Reference

https://helpx.adobe.com/content/help/en/security/products/flash-player/apsb16-36.html

Impacted products

Name
['Adobe Flash Player Desktop Runtime <=23.0.0.185', 'Adobe Flash Player(on Windows/OS X) <=23.0.0.185', 'Adobe Flash Player(on Linux) <=11.2.202.637', 'Adobe Flash Player <=23.0.0.185']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93861"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-7855"
    }
  },
  "description": "Adobe Flash Player\u662f\u4e00\u6b3e\u8de8\u5e73\u53f0\u3001\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u591a\u5a92\u4f53\u64ad\u653e\u5668\u4ea7\u54c1\u3002\r\n\r\nAdobe Flash Player\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6784\u5efa\u6076\u610fSWF\u6587\u4ef6\uff0c\u8bf1\u4f7f\u5e94\u7528\u89e3\u6790\uff0c\u53ef\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Neel Mehta and Billy Leonard from Google\u0027s Threat Analysis Group.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://helpx.adobe.com/content/help/en/security/products/flash-player/apsb16-36.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-10244",
  "openTime": "2016-10-29",
  "patchDescription": "Adobe Flash Player\u662f\u4e00\u6b3e\u8de8\u5e73\u53f0\u3001\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u591a\u5a92\u4f53\u64ad\u653e\u5668\u4ea7\u54c1\u3002\r\n\r\nAdobe Flash Player\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6784\u5efa\u6076\u610fSWF\u6587\u4ef6\uff0c\u8bf1\u4f7f\u5e94\u7528\u89e3\u6790\uff0c\u53ef\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Flash Player\u5185\u5b58\u9519\u8bef\u5f15\u7528\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2016-10244\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe Flash Player Desktop Runtime \u003c=23.0.0.185",
      "Adobe Flash Player(on Windows/OS X) \u003c=23.0.0.185",
      "Adobe Flash Player(on Linux) \u003c=11.2.202.637",
      "Adobe Flash Player \u003c=23.0.0.185"
    ]
  },
  "referenceLink": "https://helpx.adobe.com/content/help/en/security/products/flash-player/apsb16-36.html",
  "serverity": "\u9ad8",
  "submitTime": "2016-10-28",
  "title": "Adobe Flash Player\u5185\u5b58\u9519\u8bef\u5f15\u7528\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2016-10244\uff09"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-7855 (GCVE-0-2016-7855)

CERTFR-2016-AVI-364

Solution

CERTFR-2016-ALE-008

Description

Solution

GHSA-FQ8G-M89M-MRW9

GSD-2016-7855

FKIE_CVE-2016-7855

CNVD-2016-10244

Tags

Sightings

Nomenclature