Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the NetConnection class when handling the proxy types. Successful exploitation could lead to arbitrary code execution.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html | Broken Link |
http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html | Broken Link |
http://rhn.redhat.com/errata/RHSA-2016-2947.html | Third Party Advisory |
http://www.securityfocus.com/bid/94866 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1037442 | Broken Link Third Party Advisory VDB Entry |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154 | Patch Third Party Advisory |
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html | Patch Vendor Advisory |
https://security.gentoo.org/glsa/201701-17 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
16 Nov 2022, 21:24
Type | Values Removed | Values Added |
---|---|---|
References | (BID) http://www.securityfocus.com/bid/94866 - Third Party Advisory, VDB Entry | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html - Broken Link | |
References | (MS) https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154 - Patch, Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-2947.html - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html - Broken Link | |
References | (GENTOO) https://security.gentoo.org/glsa/201701-17 - Third Party Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id/1037442 - Broken Link, Third Party Advisory, VDB Entry | |
CVSS |
v2 : v3 : |
v2 : 9.3
v3 : 8.8 |
CWE | CWE-787 | |
First Time |
Adobe flash Player Desktop Runtime
|
|
CPE | cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:edge:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:chrome:*:* cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:* cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:internet_explorer:*:* |
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:* cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:* cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:* cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:* cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:* |
Information
Published : 2016-12-15 06:59
Updated : 2023-12-10 12:01
NVD link : CVE-2016-7874
Mitre link : CVE-2016-7874
CVE.ORG link : CVE-2016-7874
JSON object : View
Products Affected
adobe
- flash_player_desktop_runtime
- flash_player
apple
- mac_os_x
linux
- linux_kernel
- chrome_os
microsoft
- windows
- windows_10
- windows_8.1
CWE
CWE-787
Out-of-bounds Write