CVE-2016-7872

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation levels. Successful exploitation could lead to arbitrary code execution.

Published: Dec 15, 2016
Updated: May 9, 2024
CVE: CVE-2016-7872
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
adobe / flash_player_desktop_runtime	-	23.0.0.207.x
adobe / flash_player	-	23.0.0.207.x
adobe / flash_player	-	11.2.202.644.x

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html
http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html
http://rhn.redhat.com/errata/RHSA-2016-2947.html
http://www.securityfocus.com/bid/94873
http://www.securitytracker.com/id/1037442
http://www.zerodayinitiative.com/advisories/ZDI-16-626
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
https://security.gentoo.org/glsa/201701-17

Vulnerability Database

289,697

CVE-2016-7872