High severity8.8CISA KEVNVD Advisory· Published Nov 1, 2016· Updated Jun 17, 2026
CVE-2016-7855
CVE-2016-7855
Description
Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=23.0.0.185
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*range: <=23.0.0.185
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*range: <=23.0.0.185
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*range: <=23.0.0.185
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:linux:*:*range: <=11.2.202.637
- (no CPE)range: <23.0.0.205
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- osv-coords2 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1
< 11.2.202.643-146.1+ 1 more
- (no CPE)range: < 11.2.202.643-146.1
- (no CPE)range: < 11.2.202.643-146.1
Patches
Vulnerability mechanics
References
8- docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128nvdPatchVendor Advisory
- helpx.adobe.com/security/products/flash-player/apsb16-36.htmlnvdPatchVendor Advisory
- rhn.redhat.com/errata/RHSA-2016-2119.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/93861nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1037111nvdThird Party AdvisoryVDB Entry
- security.gentoo.org/glsa/201610-10nvdThird Party Advisory
- security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.htmlnvdThird Party Advisory
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
0No linked articles in our index yet.