CVE-2016-7878

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions 23.0.0.207 and earlier Adobe Flash Player versions 11.2.202.644 and earlier

Description The issue is related to an exploitable use after free vulnerability in the PSDK's MediaPlayer class. This vulnerability could allow a remote attacker to execute arbitrary code. The vulnerability is associated with the use of memory after it has been freed, which can be exploited to achieve remote code execution.

Recommendations For Adobe Flash Player versions 23.0.0.207 and earlier, update to a version later than 23.0.0.207 to resolve the issue. For Adobe Flash Player versions 11.2.202.644 and earlier, update to a version later than 11.2.202.644 to resolve the issue. As a temporary workaround, consider disabling the PSDK's MediaPlayer class until a patch is available.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2016-2445

BDU:2016-02381

BDU:2017-00021

BDU:2017-00035

CVE-2016-7878

MGASA-2017-0014

RHSA-2016:2947

RHSA-2016_2947

SUSE-SU-2016:3148-1

ZDI-16-620

ZDI-16-678

Affected Products

Alt Linux

Flash Player

Red Hat

Suse

CVE-2016-7878

Weakness Enumeration

Related Identifiers

Affected Products

References · 40