PT-2016-2981 · Adobe+3 · Flash Player+3

Published

2016-10-12

·

Updated

2022-11-18

·

CVE-2016-6987

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 18.0.0.382 Adobe Flash Player versions 19.x through 23.x before 23.0.0.185 Adobe Flash Player version 11.2.202.637 and earlier on Linux
Description The issue is related to a use-after-free vulnerability in Adobe Flash Player, allowing attackers to execute arbitrary code via unspecified vectors. This can be exploited by a remote attacker to gain control over the system. The estimated number of potentially affected devices worldwide is not specified.
Recommendations For Adobe Flash Player versions prior to 18.0.0.382, update to version 18.0.0.382 or later. For Adobe Flash Player versions 19.x through 23.x, update to version 23.0.0.185 or later. For Adobe Flash Player version 11.2.202.637 and earlier on Linux, update to version 11.2.202.637 or later. As a temporary workaround, consider disabling the sendEvent function in Adobe Flash Accessibility until a patch is available.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2016-2090
ALT-PU-2016-2091
BDU:2016-02413
CVE-2016-6987
MGASA-2016-0346
RHSA-2016:2057
RHSA-2016_2057
SUSE-SU-2016:2512-1
ZDI-16-569

Affected Products

Alt Linux
Flash Player
Red Hat
Suse