CVE DATABASE / CVE-2016-7855
CVE-2016-7855
Adobe Flash Player Use-After-Free Vulnerability
CVSS 8.8 · HIGH
⚠ CISA KEV — ACTIVELY EXPLOITED
On the CISA KEV catalog
Confirmed exploited in the wild. Added 2022-03-03.
Federal remediation due 2022-03-24.
Required action: The impacted product is end-of-life and should be disconnected if still in use.
Summary
Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.
CVSS 3.1 breakdown
| Base score | 8.8 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Adobe flash playerApple mac os xGoogle chrome osLinux linux kernelMicrosoft windowsMicrosoft windows 10Microsoft windows 8.1Microsoft windows rt 8.1Microsoft windows server 2012Redhat enterprise linux desktopRedhat enterprise linux serverRedhat enterprise linux workstation
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://rhn.redhat.com/errata/RHSA-2016-2119.html
- http://www.securityfocus.com/bid/93861
- http://www.securitytracker.com/id/1037111
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128
- https://helpx.adobe.com/security/products/flash-player/apsb16-36.html
- https://security.gentoo.org/glsa/201610-10
- https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7855
Data: NIST NVD + CISA KEV. NVD last modified 2026-04-21. Always verify against the vendor advisory before acting.