Lucene search

AdobeCVE-2016-7878

HistoryDec 15, 2016 - 6:59 a.m.

CVE-2016-7878

2016-12-1506:59:42

CWE-416

adobe

web.nvd.nist.gov

adobe flash player

vulnerability

use after free

psdk

mediaplayer

arbitrary code execution

cve-2016-7878

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.018

Percentile

88.1%

JSON

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK’s MediaPlayer class. Successful exploitation could lead to arbitrary code execution.

Affected configurations

Nvd

Vulners

Node

adobeflash_player_desktop_runtimeRange≤23.0.0.207

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange≤23.0.0.207edge

adobeflash_playerRange≤23.0.0.207internet_explorer

AND

microsoftwindows_10Match-

microsoftwindows_8.1Match-

Node

adobeflash_playerRange≤23.0.0.207chrome

AND

applemac_os_xMatch-

googlechrome_osMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange≤11.2.202.644

AND

linuxlinux_kernelMatch-

VendorProductVersionCPE
adobeflash_player_desktop_runtime*cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*
applemac_os_x-cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
adobeflash_player*cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*
adobeflash_player*cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*
microsoftwindows_10-cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
microsoftwindows_8.1-cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
adobeflash_player*cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*
googlechrome_os-cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	flash_player_desktop_runtime	*	cpe:2.3:a:adobe:flash_player_desktop_runtime::::::::
apple	mac_os_x	-	cpe:2.3:o:apple:mac_os_x:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
adobe	flash_player	*	cpe:2.3:a:adobe:flash_player::::::edge::*
adobe	flash_player	*	cpe:2.3:a:adobe:flash_player::::::internet_explorer::*
microsoft	windows_10	-	cpe:2.3:o:microsoft:windows_10:-:::::::*
microsoft	windows_8.1	-	cpe:2.3:o:microsoft:windows_8.1:-:::::::*
adobe	flash_player	*	cpe:2.3:a:adobe:flash_player::::::chrome::*
google	chrome_os	-	cpe:2.3:o:google:chrome_os:-:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "product": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier"
      }
    ]
  }
]