CVE-2016-7874
First published: Thu Dec 15 2016(Updated: )
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the NetConnection class when handling the proxy types. Successful exploitation could lead to arbitrary code execution.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Flash Player | <=23.0.0.207 | |
| Apple iOS and macOS | ||
| Microsoft Windows Operating System | ||
| Macromedia Flash Player | <=23.0.0.207 | |
| Macromedia Flash Player | <=23.0.0.207 | |
| Windows 10 | ||
| Microsoft Windows | ||
| Macromedia Flash Player | <=23.0.0.207 | |
| Chrome OS | ||
| Linux Kernel | ||
| Macromedia Flash Player | <=11.2.202.644 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html
- http://rhn.redhat.com/errata/RHSA-2016-2947.html
- http://www.securityfocus.com/bid/94866
- http://www.securitytracker.com/id/1037442
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- https://security.gentoo.org/glsa/201701-17
Frequently Asked Questions
What is the severity of CVE-2016-7874?
CVE-2016-7874 has a critical severity due to its potential for arbitrary code execution.
How do I fix CVE-2016-7874?
To fix CVE-2016-7874, upgrade Adobe Flash Player to version 23.0.0.208 or later.
What versions of Adobe Flash Player are affected by CVE-2016-7874?
Versions of Adobe Flash Player 23.0.0.207 and earlier, as well as 11.2.202.644 and earlier, are affected by CVE-2016-7874.
What could happen if CVE-2016-7874 is exploited?
Successful exploitation of CVE-2016-7874 could lead to arbitrary code execution on the affected systems.
Is my system vulnerable to CVE-2016-7874?
If you are using an affected version of Adobe Flash Player, your system may be vulnerable to CVE-2016-7874.
- agent/type
- agent/references
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe flash player
- version/adobe flash player/23.0.0.207
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows operating system
- canonical/macromedia flash player
- version/macromedia flash player/23.0.0.207
- canonical/windows 10
- canonical/microsoft windows
- vendor/google
- canonical/chrome os
- vendor/linux
- canonical/linux kernel
- version/macromedia flash player/11.2.202.644