Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation levels. Successful exploitation could lead to arbitrary code execution.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html | Broken Link |
http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html | Broken Link |
http://rhn.redhat.com/errata/RHSA-2016-2947.html | Third Party Advisory |
http://www.securityfocus.com/bid/94873 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1037442 | Broken Link Third Party Advisory VDB Entry |
http://www.zerodayinitiative.com/advisories/ZDI-16-626 | Third Party Advisory VDB Entry |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154 | Patch Third Party Advisory |
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html | Patch Vendor Advisory |
https://security.gentoo.org/glsa/201701-17 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
16 Nov 2022, 22:02
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:edge:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:chrome:*:* cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:* cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:internet_explorer:*:* |
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:* cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:* cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:* cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:* cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:* |
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 8.8 |
First Time |
Adobe flash Player Desktop Runtime
|
|
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html - Broken Link | |
References | (BID) http://www.securityfocus.com/bid/94873 - Third Party Advisory, VDB Entry | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-2947.html - Third Party Advisory | |
References | (MS) https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154 - Patch, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html - Broken Link | |
References | (GENTOO) https://security.gentoo.org/glsa/201701-17 - Third Party Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id/1037442 - Broken Link, Third Party Advisory, VDB Entry | |
References | (MISC) http://www.zerodayinitiative.com/advisories/ZDI-16-626 - Third Party Advisory, VDB Entry |
Information
Published : 2016-12-15 06:59
Updated : 2023-12-10 12:01
NVD link : CVE-2016-7872
Mitre link : CVE-2016-7872
CVE.ORG link : CVE-2016-7872
JSON object : View
Products Affected
microsoft
- windows_10
- windows
- windows_8.1
adobe
- flash_player
- flash_player_desktop_runtime
apple
- mac_os_x
linux
- linux_kernel
- chrome_os
CWE
CWE-416
Use After Free