CVE-2016-7866
critical
CVSS v3
9.8
CVSS v2
10.0
VIR risk
9.8
Description
Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
Predictions
Exploit likelihood
97%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@adobe.com — https://helpx.adobe.com/security/products/animate/apsb16-38.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| adobe | animate | {"endIncluding":"15.2.1.95"} | |
References
- http://hyp3rlinx.altervista.org/advisories/ADOBE-ANIMATE-MEMORY-CORRUPTION-VULNERABILITY.txt
- http://packetstormsecurity.com/files/140164/Adobe-Animate-15.2.1.95-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2016/Dec/45
- http://www.securityfocus.com/archive/1/539923/100/0/threaded
- http://www.securityfocus.com/bid/94872
- https://helpx.adobe.com/security/products/animate/apsb16-38.html
- https://www.exploit-db.com/exploits/40915/
- http://hyp3rlinx.altervista.org/advisories/ADOBE-ANIMATE-MEMORY-CORRUPTION-VULNERABILITY.txt
- http://packetstormsecurity.com/files/140164/Adobe-Animate-15.2.1.95-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2016/Dec/45
- http://www.securityfocus.com/archive/1/539923/100/0/threaded
- http://www.securityfocus.com/bid/94872
- https://helpx.adobe.com/security/products/animate/apsb16-38.html
- https://www.exploit-db.com/exploits/40915/
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.