Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0). Successful exploitation could lead to arbitrary code execution.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html | Broken Link |
http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html | Broken Link |
http://rhn.redhat.com/errata/RHSA-2016-2947.html | Third Party Advisory |
http://www.securityfocus.com/bid/94873 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1037442 | Broken Link Third Party Advisory VDB Entry |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154 | Patch Third Party Advisory |
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html | Patch Vendor Advisory |
https://security.gentoo.org/glsa/201701-17 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
16 Nov 2022, 21:31
Type | Values Removed | Values Added |
---|---|---|
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html - Broken Link | |
References | (MS) https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154 - Patch, Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-2947.html - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html - Broken Link | |
References | (GENTOO) https://security.gentoo.org/glsa/201701-17 - Third Party Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id/1037442 - Broken Link, Third Party Advisory, VDB Entry | |
First Time |
Adobe flash Player Desktop Runtime
|
|
CVSS |
v2 : v3 : |
v2 : 9.3
v3 : 8.8 |
CPE | cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:edge:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:chrome:*:* cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player_for_linux:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:* cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:internet_explorer:*:* |
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:* cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:* cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:* cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:* cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:* cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:* |
Information
Published : 2016-12-15 06:59
Updated : 2023-12-10 12:01
NVD link : CVE-2016-7877
Mitre link : CVE-2016-7877
CVE.ORG link : CVE-2016-7877
JSON object : View
Products Affected
microsoft
- windows_8.1
- windows
- windows_10
adobe
- flash_player_desktop_runtime
- flash_player
- chrome_os
linux
- linux_kernel
apple
- mac_os_x
CWE
CWE-416
Use After Free