VDB
CVE-2016-7892
CVE-2016-7892
PUBLISHED
KEV
CVSS 9.300000190734863 CRITICAL
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.
EPSS 21.97% · 95.9th percentile
Risk Scores
CVSS 2.0
9.300000190734863
EPSS Score
21.97%
95.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier | * |
| adobe | flash_player_desktop_runtime | 0 |
| adobe | flash_player | 0, 0, 0 |
Timeline
- Jan 19, 1970 VulnCheck XDB Entry
- Jul 5, 2015 VulnCheck KEV Exploitation
- Jul 21, 2015 VulnCheck KEV Exploitation
- Aug 10, 2015 VulnCheck KEV Exploitation
- Feb 3, 2016 VulnCheck KEV Exploitation
- Dec 13, 2016 PoC Published
- Dec 15, 2016 CVE Published
- Jan 9, 2017 VulnCheck KEV Exploitation
- Aug 18, 2017 PoC Published
- Feb 4, 2018 VulnCheck KEV Exploitation
- Jun 20, 2018 VulnCheck KEV Exploitation
- Sep 5, 2018 VulnCheck KEV Exploitation
References
- SUSE-SU-2016:3148 vendor-advisory
- MS16-154 vendor-advisory
- GLSA-201701-17 vendor-advisory
- 1037442 vdb
- RHSA-2016:2947 vendor-advisory
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html url
- 94877 vdb
- openSUSE-SU-2016:3160 vendor-advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7892 url
- https://nvd.nist.gov/vuln/detail/CVE-2016-7892 advisory