Home > Vulnerability Database > CVE-2016-7860

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2016-7860

Date: November 8, 2016

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

Severity Score

8.8

Related Resources (10)

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2016-7860

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-7860

Url: http://www.zerodayinitiative.com/advisories/ZDI-16-601

Url: https://security.gentoo.org/glsa/201611-18

Url: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141

Url: http://www.securitytracker.com/id/1037240

Url: https://helpx.adobe.com/security/products/flash-player/apsb16-37.html

Url: http://www.securityfocus.com/bid/94151

Url: http://rhn.redhat.com/errata/RHSA-2016-2676.html

Url: https://www.mend.io/vulnerability-database/CVE-2016-7860

Severity Score

8.8

Weakness Type (CWE)

Incorrect Type Conversion or Cast

CWE-704

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Do you need more information?

Contact Us