← Voltar para CVEs

CVE-2016-7892

HIGHCISA KEV

8.8

Descricao

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.

Detalhes CVE

Pontuacao CVSS v3.18.8

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioREQUIRED

Publicado12/15/2016

Ultima modificacao4/21/2026

Fontekev

Avistamentos honeypot0

CISA KEV

FornecedorAdobe

ProdutoFlash Player

Nome da vulnerabilidadeAdobe Flash Player Use-After-Free Vulnerability

Data inclusao KEV2022-03-25

Prazo de remediacao2022-04-15

Uso em ransomwareUnknown

Produtos afetados

adobe:flash_playeradobe:flash_player_desktop_runtimeapple:mac_os_xgoogle:chrome_oslinux:linux_kernelmicrosoft:windowsmicrosoft:windows_10microsoft:windows_8.1

Fraquezas (CWE)

CWE-416CWE-416

Referencias

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html(psirt@adobe.com)

http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html(psirt@adobe.com)

http://rhn.redhat.com/errata/RHSA-2016-2947.html(psirt@adobe.com)

http://www.securityfocus.com/bid/94877(psirt@adobe.com)

http://www.securitytracker.com/id/1037442(psirt@adobe.com)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154(psirt@adobe.com)

https://helpx.adobe.com/security/products/flash-player/apsb16-39.html(psirt@adobe.com)

https://security.gentoo.org/glsa/201701-17(psirt@adobe.com)

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html(af854a3a-2127-422b-91ae-364da2661108)

http://rhn.redhat.com/errata/RHSA-2016-2947.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/94877(af854a3a-2127-422b-91ae-364da2661108)

http://www.securitytracker.com/id/1037442(af854a3a-2127-422b-91ae-364da2661108)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154(af854a3a-2127-422b-91ae-364da2661108)

https://helpx.adobe.com/security/products/flash-player/apsb16-39.html(af854a3a-2127-422b-91ae-364da2661108)

https://security.gentoo.org/glsa/201701-17(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7892(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.