Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-7866Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Animate

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
66.8%
top 1.45%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Adobe Animate
Timeline
PublishedDec 15
Latest updateMay 14

Description

Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDadobe/animate15.2.1.95

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-qrj4-68mq-fwp3: Adobe Animate versions 152022-05-14
CVEList
CVE-2016-7866: Adobe Animate versions 152016-12-15

💥Exploits & PoCs

1
Exploit-DB
Adobe Animate 15.2.1.95 - Memory Corruption2016-12-14
CVE-2016-7866 — Adobe Animate vulnerability | cvebase