Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Clipboard class related to data handling functionality. Successful exploitation could lead to arbitrary code execution.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html | Broken Link |
http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html | Broken Link |
http://rhn.redhat.com/errata/RHSA-2016-2947.html | Third Party Advisory |
http://www.securityfocus.com/bid/94866 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1037442 | Broken Link Third Party Advisory VDB Entry |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154 | Patch Third Party Advisory |
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html | Patch Vendor Advisory |
https://security.gentoo.org/glsa/201701-17 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
16 Nov 2022, 21:31
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:edge:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:chrome:*:* cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:* cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:internet_explorer:*:* |
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:* cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:* cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:* cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:* cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:* |
CVSS |
v2 : v3 : |
v2 : 9.3
v3 : 8.8 |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html - Broken Link | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-2947.html - Third Party Advisory | |
References | (MS) https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154 - Patch, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html - Broken Link | |
References | (GENTOO) https://security.gentoo.org/glsa/201701-17 - Third Party Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id/1037442 - Broken Link, Third Party Advisory, VDB Entry | |
First Time |
Adobe flash Player Desktop Runtime
|
|
CWE | CWE-787 |
Information
Published : 2016-12-15 06:59
Updated : 2023-12-10 12:01
NVD link : CVE-2016-7876
Mitre link : CVE-2016-7876
CVE.ORG link : CVE-2016-7876
JSON object : View
Products Affected
microsoft
- windows_8.1
- windows
- windows_10
adobe
- flash_player_desktop_runtime
- flash_player
- chrome_os
linux
- linux_kernel
apple
- mac_os_x
CWE
CWE-787
Out-of-bounds Write