CVE-2016-6987

Published: Oct 13, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6981.

Affected (6)

Products: Adobe: Flash Player, Flash Player Desktop Runtime

2 products

Flash Player Desktop Runtime

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 23.0.0.162

Running on/with	Platform Versions
Google Chrome Os	All versions

Configuration B

2 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 23.0.0.162
Adobe Flash Player	Up to 23.0.0.162

Running on/with	Platform Versions
Microsoft Windows 10	All versions
Microsoft Windows 8.1	All versions

Configuration C

2 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 18.0.0.375
Adobe Flash Player Desktop Runtime	Up to 23.0.0.162

Running on/with	Platform Versions
Apple Mac Os X	All versions
Microsoft Windows	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 11.2.202.635

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (10)

http://rhn.redhat.com/errata/RHSA-2016-2057.html

Source: psirt@adobe.com

Third Party Advisory

http://www.securityfocus.com/bid/93492

Source: psirt@adobe.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1036985

Source: psirt@adobe.com

Broken LinkThird Party AdvisoryVDB Entry

https://helpx.adobe.com/security/products/flash-player/apsb16-32.html

Source: psirt@adobe.com

PatchVendor Advisory

https://security.gentoo.org/glsa/201610-10

Source: psirt@adobe.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2057.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/93492

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1036985

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://helpx.adobe.com/security/products/flash-player/apsb16-32.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://security.gentoo.org/glsa/201610-10

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.