CVE-2016-7892

8.8 HIGH CISA KEV - Actively Exploited
Published: December 15, 2016 Modified: October 22, 2025
View on NVD

Description

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html
Source: psirt@adobe.com
Broken Link
http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html
Source: psirt@adobe.com
Broken Link
http://rhn.redhat.com/errata/RHSA-2016-2947.html
Source: psirt@adobe.com
Third Party Advisory
http://www.securityfocus.com/bid/94877
Source: psirt@adobe.com
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037442
Source: psirt@adobe.com
Broken Link Third Party Advisory VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154
Source: psirt@adobe.com
Patch Third Party Advisory
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Source: psirt@adobe.com
Patch Vendor Advisory
https://security.gentoo.org/glsa/201701-17
Source: psirt@adobe.com
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://rhn.redhat.com/errata/RHSA-2016-2947.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/94877
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037442
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Third Party Advisory
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
https://security.gentoo.org/glsa/201701-17
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7892
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

17 reference(s) from NVD

Quick Stats

CVSS v3 Score
8.8 / 10.0
EPSS (Exploit Probability)
23.3%
96th percentile
Exploitation Status
Actively Exploited
Remediation due: 2022-04-15

Weaknesses (CWE)

CWE-416 CWE-416

Affected Vendors

adobe linux google microsoft apple

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3