CVE-2016-7870
Summary
| CVE | CVE-2016-7870 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-12-15 06:59:00 UTC |
| Updated | 2022-11-16 22:02:00 UTC |
| Description | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class for specific search strategies. Successful exploitation could lead to arbitrary code execution. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Adobe | Flash Player | 23.0.0.207 | All | All | All |
| Application | Adobe | Flash Player | 23.0.0.207 | All | All | All |
| Application | Adobe | Flash Player | 23.0.0.207 | All | All | All |
| Application | Adobe | Flash Player | 23.0.0.207 | All | All | All |
| Application | Adobe | Flash Player | 23.0.0.207 | All | All | All |
| Application | Adobe | Flash Player | 23.0.0.207 | All | All | All |
| Application | Adobe | Flash Player | All | All | All | All |
| Application | Adobe | Flash Player | All | All | All | All |
| Application | Adobe | Flash Player | All | All | All | All |
| Application | Adobe | Flash Player | All | All | All | All |
| Application | Adobe | Flash Player | All | All | All | All |
| Application | Adobe | Flash Player Desktop Runtime | All | All | All | All |
| Application | Adobe | Flash Player For Linux | All | All | All | All |
| Operating System | Apple | Mac Os X | All | All | All | All |
| Operating System | Apple | Mac Os X | - | All | All | All |
| Operating System | Apple | Mac Os X | All | All | All | All |
| Operating System | Chrome Os | All | All | All | All | |
| Operating System | Chrome Os | - | All | All | All | |
| Operating System | Chrome Os | All | All | All | All | |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Linux | Linux Kernel | - | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Microsoft | Windows | All | All | All | All |
| Operating System | Microsoft | Windows | - | All | All | All |
| Operating System | Microsoft | Windows | All | All | All | All |
| Operating System | Microsoft | Windows 10 | All | All | All | All |
| Operating System | Microsoft | Windows 10 | - | All | All | All |
| Operating System | Microsoft | Windows 10 | All | All | All | All |
| Operating System | Microsoft | Windows 8.1 | All | All | All | All |
| Operating System | Microsoft | Windows 8.1 | - | All | All | All |
| Operating System | Microsoft | Windows 8.1 | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Adobe Flash Player: Multiple vulnerabilities (GLSA 201701-17) — Gentoo security | GENTOO | security.gentoo.org | |
| [security-announce] SUSE-SU-2016:3148-1: critical: Security update for f | SUSE | lists.opensuse.org | |
| Adobe Flash Player APSB16-39 Multiple Unspecified Buffer Overflow Vulnerabilities | BID | www.securityfocus.com | |
| Adobe Security Bulletin | CONFIRM | helpx.adobe.com | Patch, Vendor Advisory |
| ZDI-16-623 | Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Microsoft Security Bulletin MS16-154 - Critical | Microsoft Docs | MS | docs.microsoft.com | |
| Adobe Flash Player Multiple Bugs Let Remote Users Bypass Security Restrictions and Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| openSUSE-SU-2016:3160-1: moderate: Security update for flash-player | SUSE | lists.opensuse.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 710422 Gentoo Linux Adobe Flash Player Multiple Vulnerabilities (GLSA 201701-17)