Vulnerability Change Records for CVE-2016-7857

Change History

CPE Deprecation Remap 5/08/2019 6:11:29 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:microsoft:windows_8.1:-:-:-:*:-:-:x86:*
OR
     *cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:pro_n:*:x86:*

CVE Modified by Adobe Systems Incorporated 12/21/2016 10:0:22 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.zerodayinitiative.com/advisories/ZDI-16-596 [No Types Assigned]
Added Reference

								
							
							
						
https://security.gentoo.org/glsa/201611-18 [No Types Assigned]

CPE Deprecation Remap 5/08/2019 6:11:29 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:microsoft:windows_8.1:-:-:-:*:-:-:x64:*
OR
     *cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:pro_n:*:x64:*

CVE Modified by Adobe Systems Incorporated 10/12/2018 6:14:40 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141 [No Types Assigned]
Removed Reference
https://technet.microsoft.com/library/security/ms16-141 [No Types Assigned]

								
						

Modified Analysis 11/08/2016 2:23:13 PM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
Configuration 1
     AND
          OR
               *cpe:2.3:a:adobe:flash_player_for_linux:11.2.202.643:*:*:*:*:*:*:* (and previous)
          OR
               cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Configuration 2
     AND
          OR
               *cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:*:*:* (and previous)
          OR
               cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
               cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Configuration 3
     AND
          OR
               *cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:chrome:*:*
          OR
               cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
               cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
               cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
               cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
Configuration 4
     AND
          OR
               *cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:edge:*:*
               *cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:internet_explorer:*:*
          OR
               cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
               cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*
               cpe:2.3:o:microsoft:windows_8.1:-:-:-:*:-:-:x64:*
               cpe:2.3:o:microsoft:windows_8.1:-:-:-:*:-:-:x86:*
Added CVSS V2

								
							
							
						
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Added CVSS V3

								
							
							
						
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added CWE

								
							
							
						
CWE-416
Changed Reference Type
https://helpx.adobe.com/security/products/flash-player/apsb16-37.html No Types Assigned
https://helpx.adobe.com/security/products/flash-player/apsb16-37.html Vendor Advisory, Patch

Initial CVE Analysis 11/08/2016 2:11:33 PM

Action Type Old Value New Value
Changed CPE Configuration
Configuration 1
     OR
Configuration 1
     OR
          *cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*
          *cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*
          *cpe:2.3:o:redhat:enterprise_linux_hpc_node_supplementary:6.0:*:*:*:*:*:*:*
          *cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*
          *cpe:2.3:o:redhat:enterprise_linux_server_supplementary_aus:6.5:*:*:*:*:*:*:*
          *cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.5.z:*:*:*:*:*:*:*
          *cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*
          *cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*
Configuration 2
     AND
          OR
               *cpe:2.3:a:hp:jdk:7.0.08:*:*:*:*:*:*:* (and previous)
               *cpe:2.3:a:hp:jre:7.0.08:*:*:*:*:*:*:* (and previous)
          OR
               cpe:2.3:o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*
               cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
Configuration 3
     OR
          *cpe:2.3:a:oracle:javafx:2.2.45:*:*:*:*:*:*:*
Configuration 4
     OR
          *cpe:2.3:a:oracle:jdk:1.7.0:update_45:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update_45:*:*:*:*:*:*
Added CVSS V2

								
							
							
						
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Added CVSS V3

								
							
							
						
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added CWE

								
							
							
						
CWE-416
Changed Reference Type
https://helpx.adobe.com/security/products/flash-player/apsb16-37.html No Types Assigned
https://helpx.adobe.com/security/products/flash-player/apsb16-37.html Patch, Vendor Advisory

CVE Modified by Adobe Systems Incorporated 11/28/2016 3:39:35 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securityfocus.com/bid/94153 [No Types Assigned]

CVE Translated 11/09/2016 11:45:00 AM

Action Type Old Value New Value

Modified Analysis 5/16/2019 1:12:10 PM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Changed CPE Configuration
AND
     OR
          *cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:chrome:*:*
     OR
          cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
          cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
          cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
          cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
AND
     OR
          *cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:* versions up to (including) 23.0.0.205
     OR
          cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
          cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
          cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
          cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Changed CPE Configuration
AND
     OR
          *cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:edge:*:*
          *cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:internet_explorer:*:*
     OR
          cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
          cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*
          cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:pro_n:*:x64:*
          cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:pro_n:*:x86:*
AND
     OR
          *cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:* versions up to (including) 23.0.0.205
          *cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:* versions up to (including) 23.0.0.205
     OR
          cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
          cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
          cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
          cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
          cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
          cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
          cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
          cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:x64:*
Changed CVSS V2
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Added CVSS V2 Metadata

								
							
							
						
Victim must voluntarily interact with attack mechanism
Removed CVSS V2 Metadata
Access Complexity Insufficient Information

								
						
Changed CVSS V3
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Changed Reference Type
http://rhn.redhat.com/errata/RHSA-2016-2676.html No Types Assigned
http://rhn.redhat.com/errata/RHSA-2016-2676.html Third Party Advisory
Changed Reference Type
http://www.securityfocus.com/bid/94153 No Types Assigned
http://www.securityfocus.com/bid/94153 Third Party Advisory, VDB Entry
Changed Reference Type
http://www.securitytracker.com/id/1037240 No Types Assigned
http://www.securitytracker.com/id/1037240 Third Party Advisory, VDB Entry
Changed Reference Type
http://www.zerodayinitiative.com/advisories/ZDI-16-596 No Types Assigned
http://www.zerodayinitiative.com/advisories/ZDI-16-596 Third Party Advisory, VDB Entry
Changed Reference Type
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141 No Types Assigned
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141 Patch, Vendor Advisory
Changed Reference Type
https://security.gentoo.org/glsa/201611-18 No Types Assigned
https://security.gentoo.org/glsa/201611-18 Third Party Advisory

CVE Modified by Adobe Systems Incorporated 7/27/2017 9:29:06 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securitytracker.com/id/1037240 [No Types Assigned]

CVE Modified by Adobe Systems Incorporated 1/06/2017 10:0:40 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://rhn.redhat.com/errata/RHSA-2016-2676.html [No Types Assigned]
Added Reference

								
							
							
						
https://technet.microsoft.com/library/security/ms16-141 [No Types Assigned]