CVE-2016-7860

CWE-7046 documents6 sources

Severity

8.8HIGH

EPSS

11.2%

top 6.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player Adobe Flash Player FOR Linux Redhat Enterprise Linux Desktop +2 more

Timeline

PublishedNov 8

Latest updateMay 14

Description

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶NVDadobe/flash_player23.0.0.205

▶Ubuntuflashplugin-nonfree< 11.2.202.644ubuntu0.14.04.1+1

▶NVDredhat/enterprise_linux_server5.0, 6.0+1

▶NVDredhat/enterprise_linux_desktop5.0, 6.0+1

▶NVDredhat/enterprise_linux_workstation5.0, 6.0+1

Patches

Patch: docs.microsoft.com ↗Patch: helpx.adobe.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-gf2c-mwwh-x43r: Adobe Flash Player versions 23↗2022-05-14

▶

CVEList

CVE-2016-7860: Adobe Flash Player versions 23↗2016-11-08

▶

OSV

CVE-2016-7860: Adobe Flash Player versions 23↗2016-11-08

▶

📋Vendor Advisories

Red Hat

flash-plugin: multiple code execution issues fixed in APSB16-37↗2016-11-08

▶

💬Community

Bugzilla

CVE-2016-7857 CVE-2016-7858 CVE-2016-7859 CVE-2016-7860 CVE-2016-7861 CVE-2016-7862 CVE-2016-7863 CVE-2016-7864 CVE-2016-7865 flash-plugin: multiple code execution issues fixed in APSB16-37↗2016-11-08

▶