PT-2016-2951 · Adobe+3 · Flash Player+3
Published
2016-12-14
·
Updated
2022-11-16
·
CVE-2016-7877
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Adobe Flash Player versions 23.0.0.207 and earlier
Adobe Flash Player versions 11.2.202.644 and earlier
Description
The issue is related to a use after free vulnerability in the Action Message Format serialization. This vulnerability can be exploited by a remote attacker to execute arbitrary code. The vulnerability is associated with the use of memory after it has been freed, which can lead to code execution as a result of the serialization of Action Message Format.
Recommendations
For Adobe Flash Player versions 23.0.0.207 and earlier, update to a version later than 23.0.0.207 to resolve the issue.
For Adobe Flash Player versions 11.2.202.644 and earlier, update to a version later than 11.2.202.644 to resolve the issue.
As a temporary workaround, consider disabling the Action Message Format serialization until a patch is available.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Flash Player
Red Hat
Suse