CVE-2016-7892high
Description
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.
References
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
http://www.securityfocus.com/bid/94877
http://www.securitytracker.com/id/1037442
http://rhn.redhat.com/errata/RHSA-2016-2947.html
http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html
https://security.gentoo.org/glsa/201701-17
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154
Details
Source: MITRE
Published: 2016-12-15
Updated: 2022-11-16
Type: CWE-416
Risk Information
CVSS v2
Base Score: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 8.6
Severity: HIGH
CVSS v3
Base Score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8
Severity: HIGH