Base Score

HIGH8.8

CVE-2016-7862

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

VectorNETWORK

Published Bypsirt@adobe.com

Published DateNov 08, 2016, 17:59

Weakness Type (CWE):CWE-416

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

http://rhn.redhat.com/errata/RHSA-2016-2676.html
http://www.securityfocus.com/bid/94153
http://www.securitytracker.com/id/1037240
http://www.zerodayinitiative.com/advisories/ZDI-16-603
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141
https://helpx.adobe.com/security/products/flash-player/apsb16-37.html
https://security.gentoo.org/glsa/201611-18

Base Score

HIGH8.8

Weakness Type (CWE):CWE-416

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH