CVE-2016-7878: Use After Free
First published: Thu Dec 15 2016(Updated: )
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK's MediaPlayer class. Successful exploitation could lead to arbitrary code execution.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Flash Player | <=23.0.0.207 | |
| Apple iOS and macOS | ||
| Microsoft Windows Operating System | ||
| Macromedia Flash Player | <=23.0.0.207 | |
| Macromedia Flash Player | <=23.0.0.207 | |
| Windows 10 | ||
| Microsoft Windows | ||
| Macromedia Flash Player | <=23.0.0.207 | |
| Chrome OS | ||
| Linux Kernel | ||
| Macromedia Flash Player | <=11.2.202.644 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html
- http://rhn.redhat.com/errata/RHSA-2016-2947.html
- http://www.securityfocus.com/bid/94873
- http://www.securitytracker.com/id/1037442
- http://www.zerodayinitiative.com/advisories/ZDI-16-620
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- https://security.gentoo.org/glsa/201701-17
Frequently Asked Questions
What is the severity of CVE-2016-7878?
CVE-2016-7878 has been rated as critical due to its potential for arbitrary code execution.
How do I fix CVE-2016-7878?
To fix CVE-2016-7878, update Adobe Flash Player to version 23.0.0.208 or later.
Which versions of Adobe Flash Player are affected by CVE-2016-7878?
CVE-2016-7878 affects Adobe Flash Player versions 23.0.0.207 and earlier, and 11.2.202.644 and earlier.
Can CVE-2016-7878 be exploited remotely?
Yes, CVE-2016-7878 can be exploited remotely to execute arbitrary code.
Are there any specific platforms that CVE-2016-7878 impacts?
CVE-2016-7878 impacts Adobe Flash Player on various platforms, including Chrome and Internet Explorer.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe flash player
- version/adobe flash player/23.0.0.207
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows operating system
- canonical/macromedia flash player
- version/macromedia flash player/23.0.0.207
- canonical/windows 10
- canonical/microsoft windows
- vendor/google
- canonical/chrome os
- vendor/linux
- canonical/linux kernel
- version/macromedia flash player/11.2.202.644