Vulnerabilities > CVE-2016-7855 - Use After Free vulnerability in multiple products

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE

Summary

Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.

Vulnerable Configurations

Part Description Count
Application
Adobe
422
OS
Apple
1
OS
Google
1
OS
Linux
1
OS
Microsoft
8
OS
Redhat
6

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1239.NASL
    descriptionThis update for Adobe Flash Player to 11.2.202.643 fixes the following vulnerability : - CVE-2016-7855: use-after-free vulnerability (APSB16-36, boo#1007098)
    last seen2020-06-05
    modified2016-10-31
    plugin id94423
    published2016-10-31
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94423
    titleopenSUSE Security Update : flash-player (openSUSE-2016-1239)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2119.NASL
    descriptionAn update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.643. Security Fix(es) : * This update fixes one vulnerability in Adobe Flash Player. This vulnerability, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-7855)
    last seen2020-06-01
    modified2020-06-02
    plugin id94318
    published2016-10-27
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94318
    titleRHEL 5 / 6 : flash-plugin (RHSA-2016:2119)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201610-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201610-10 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id94421
    published2016-10-31
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94421
    titleGLSA-201610-10 : Adobe Flash Player: Multiple vulnerabilities
  • NASL familyWindows
    NASL idFLASH_PLAYER_APSB16-36.NASL
    descriptionThe version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 23.0.0.185. It is, therefore, affected by an arbitrary code execution vulnerability due to a use-after-free error. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted Flash content, to dereference already freed memory, resulting in the execution of arbitrary code in the context of the current user.
    last seen2020-06-01
    modified2020-06-02
    plugin id94334
    published2016-10-27
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/94334
    titleAdobe Flash Player <= 23.0.0.185 Arbitrary Code Execution (APSB16-36)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS16-128.NASL
    descriptionThe remote Windows host is missing KB3201860. It is, therefore, affected by an arbitrary code execution vulnerability due to a use-after-free error. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted Flash content, to dereference already freed memory, resulting in the execution of arbitrary code in the context of the current user.
    last seen2020-06-01
    modified2020-06-02
    plugin id94340
    published2016-10-27
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/94340
    titleMS16-128: Security Update for Adobe Flash Player (3201860)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1240.NASL
    descriptionThis update for Adobe Flash Player to 11.2.202.643 fixes the following vulnerability : - CVE-2016-7855: use-after-free vulnerability (APSB16-36, boo#1007098)
    last seen2020-06-05
    modified2016-10-31
    plugin id94424
    published2016-10-31
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94424
    titleopenSUSE Security Update : flash-player (openSUSE-2016-1240)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FLASH_PLAYER_APSB16-36.NASL
    descriptionThe version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 23.0.0.185. It is, therefore, affected by an arbitrary code execution vulnerability due to a use-after-free error. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted Flash content, to dereference already freed memory, resulting in the execution of arbitrary code in the context of the current user.
    last seen2020-06-01
    modified2020-06-02
    plugin id94335
    published2016-10-27
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/94335
    titleAdobe Flash Player for Mac <= 23.0.0.185 Arbitrary Code Execution (APSB16-36)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2662-1.NASL
    descriptionThis update for flash-player to version 11.2.202.643 fixes one security issue. This security issue was fixed : - CVE-2016-7855: Use-after-free vulnerability that could lead to code execution (bsc#1007098). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id94350
    published2016-10-28
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94350
    titleSUSE SLED12 Security Update : flash-player (SUSE-SU-2016:2662-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_DE6D01D59C4411E6BA670011D823EEBD.NASL
    descriptionAdobe reports : Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.
    last seen2020-06-01
    modified2020-06-02
    plugin id94347
    published2016-10-28
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94347
    titleFreeBSD : flash -- remote code execution (de6d01d5-9c44-11e6-ba67-0011d823eebd)

Redhat

advisories
rhsa
idRHSA-2016:2119
rpms
  • flash-plugin-0:11.2.202.643-1.el5_11
  • flash-plugin-0:11.2.202.643-1.el6_8

The Hacker News