CVE-2016-7892
KEV
🔴 Patch now
Exploiting a use-after-free bug in Adobe Flash Player allows remote code execution.
CVSS
8.8
EPSS
20.2%
Exploit
weaponized
Vendor
adobe
Source description (NVD)
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.
rce
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 8.8 |
| CISA KEV (actively exploited) | Yes |
| FIRST EPSS (probability of exploitation) | 20.2% |
| Published (NVD) | 2016-12-15 06:59:56 UTC |
| Last modified (NVD) | 2026-04-21 21:10:12 UTC |
References
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html (psirt@adobe.com) [Broken Link]
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html (psirt@adobe.com) [Broken Link]
- http://rhn.redhat.com/errata/RHSA-2016-2947.html (psirt@adobe.com) [Third Party Advisory]
- http://www.securityfocus.com/bid/94877 (psirt@adobe.com) [Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1037442 (psirt@adobe.com) [Broken Link, Third Party Advisory, VDB Entry]
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154 (psirt@adobe.com) [Patch, Third Party Advisory]
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html (psirt@adobe.com) [Patch, Vendor Advisory]
- https://security.gentoo.org/glsa/201701-17 (psirt@adobe.com) [Third Party Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7892 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]