CVE-2016-7855

Known Exploited (CISA KEV)HIGH

8.8

CVSS Severity Score

EPSS Score72.5110%

EPSS Percentile96.17th

PublishedNov 1, 2016

Last ModifiedApr 21, 2026

Vulnerability Description

Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.

Affected Platforms (CPE)

📦

Adobe

Flash Player

<= 23.0.0.185

📦

Adobe

Flash Player

<= 23.0.0.185

📦

Adobe

Flash Player

<= 23.0.0.185

📦

Adobe

Flash Player

<= 11.2.202.637

📦

Adobe

Flash Player

<= 23.0.0.185

💻

Redhat

Enterprise Linux Desktop

= 5.0

💻

Redhat

Enterprise Linux Desktop

= 6.0

💻

Redhat

Enterprise Linux Server

= 5.0

💻

Redhat

Enterprise Linux Server

= 6.0

💻

Redhat

Enterprise Linux Workstation

= 5.0

💻

Redhat

Enterprise Linux Workstation

= 6.0

References & Advisories

🔗 http://rhn.redhat.com/errata/RHSA-2016-2119.html

🔗 http://www.securityfocus.com/bid/93861

🔗 http://www.securitytracker.com/id/1037111

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128

🔗 https://helpx.adobe.com/security/products/flash-player/apsb16-36.html

🔗 https://security.gentoo.org/glsa/201610-10

🔗 https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html

🔗 http://rhn.redhat.com/errata/RHSA-2016-2119.html

Vulnerability Description

Affected Platforms (CPE)

Flash Player

Flash Player

Flash Player

Flash Player

Flash Player

Enterprise Linux Desktop

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server

Enterprise Linux Workstation

Enterprise Linux Workstation

References & Advisories

Related Vulnerabilities