cnvd - cnvd-2016-12381

cnvd-2016-12381

Vulnerability from cnvd

Title: Adobe Flash Player内存破坏漏洞（CNVD-2016-12381）

Description:

Adobe Flash Player是美国Adobe公司开发的一款是一种广泛使用的、专有的多媒体程序播放器。

Adobe Flash Player中存在内存破坏漏洞，攻击者可以漏洞在受影响应用程序的用户上下文中执行任意代码。失败的漏洞尝试可能会导致拒绝服务条件。

Severity: 高

Patch Name: Adobe Flash Player内存破坏漏洞（CNVD-2016-12381）的补丁

Patch Description:

Adobe Flash Player是美国Adobe公司开发的一款是一种广泛使用的、专有的多媒体程序播放器。

Adobe Flash Player中存在内存破坏漏洞，攻击者可以漏洞在受影响应用程序的用户上下文中执行任意代码。失败的漏洞尝试可能会导致拒绝服务条件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下供应商提供的安全公告获得补丁信息： https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

Reference: https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

Impacted products

Name
['Adobe Flash Player Desktop Runtime <=23.0.0.207', 'Adobe Flash Player（for Google Chrome） <=23.0.0.207', 'Adobe Flash Player（for Microsoft Edge and Internet Explorer 11） <=23.0.0.207', 'Adobe Flash Player(on Linux) <=11.2.202.644']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94866"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-7875"
    }
  },
  "description": "Adobe Flash Player\u662f\u7f8e\u56fdAdobe\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3e \u662f\u4e00\u79cd\u5e7f\u6cdb\u4f7f\u7528\u7684\u3001\u4e13\u6709\u7684\u591a\u5a92\u4f53\u7a0b\u5e8f\u64ad\u653e\u5668\u3002\r\n\r\nAdobe Flash Player\u4e2d\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u7528\u6237\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u5931\u8d25\u7684\u6f0f\u6d1e\u5c1d\u8bd5\u53ef\u80fd\u4f1a\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\u3002",
  "discovererName": "bo13oy of CloverSec Labs working with Trend Micro\u0027s Zero Day Initiative",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-39.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-12381",
  "openTime": "2016-12-16",
  "patchDescription": "Adobe Flash Player\u662f\u7f8e\u56fdAdobe\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3e \u662f\u4e00\u79cd\u5e7f\u6cdb\u4f7f\u7528\u7684\u3001\u4e13\u6709\u7684\u591a\u5a92\u4f53\u7a0b\u5e8f\u64ad\u653e\u5668\u3002\r\n\r\nAdobe Flash Player\u4e2d\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u7528\u6237\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u5931\u8d25\u7684\u6f0f\u6d1e\u5c1d\u8bd5\u53ef\u80fd\u4f1a\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Flash Player\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2016-12381\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe Flash Player Desktop Runtime \u003c=23.0.0.207",
      "Adobe Flash Player\uff08for Google Chrome\uff09 \u003c=23.0.0.207",
      "Adobe Flash Player\uff08for Microsoft Edge and Internet Explorer 11\uff09 \u003c=23.0.0.207",
      "Adobe Flash Player(on Linux) \u003c=11.2.202.644"
    ]
  },
  "referenceLink": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html",
  "serverity": "\u9ad8",
  "submitTime": "2016-12-14",
  "title": "Adobe Flash Player\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2016-12381\uff09"
}

CVE-2016-7875 (GCVE-0-2016-7875)

Vulnerability from cvelistv5

Published

2016-12-15 06:31

Modified

2024-08-06 02:13

Severity ?

CWE

Integer Overflow

Summary

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.

References

▼	URL	Tags
	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html	vendor-advisory, x_refsource_SUSE
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154	vendor-advisory, x_refsource_MS
	https://security.gentoo.org/glsa/201701-17	vendor-advisory, x_refsource_GENTOO
	http://www.zerodayinitiative.com/advisories/ZDI-16-621	x_refsource_MISC
	http://www.securitytracker.com/id/1037442	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/94866	vdb-entry, x_refsource_BID
	http://rhn.redhat.com/errata/RHSA-2016-2947.html	vendor-advisory, x_refsource_REDHAT
	https://helpx.adobe.com/security/products/flash-player/apsb16-39.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier	Version: Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:13:20.310Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:3148",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html"
          },
          {
            "name": "MS16-154",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154"
          },
          {
            "name": "GLSA-201701-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-17"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-621"
          },
          {
            "name": "1037442",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037442"
          },
          {
            "name": "94866",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94866"
          },
          {
            "name": "RHSA-2016:2947",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2947.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html"
          },
          {
            "name": "openSUSE-SU-2016:3160",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2016-12-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Integer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:3148",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html"
        },
        {
          "name": "MS16-154",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154"
        },
        {
          "name": "GLSA-201701-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-17"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-621"
        },
        {
          "name": "1037442",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037442"
        },
        {
          "name": "94866",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94866"
        },
        {
          "name": "RHSA-2016:2947",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2947.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html"
        },
        {
          "name": "openSUSE-SU-2016:3160",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2016-7875",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Integer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2016:3148",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html"
            },
            {
              "name": "MS16-154",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154"
            },
            {
              "name": "GLSA-201701-17",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-17"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-621",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-621"
            },
            {
              "name": "1037442",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037442"
            },
            {
              "name": "94866",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94866"
            },
            {
              "name": "RHSA-2016:2947",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2947.html"
            },
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html"
            },
            {
              "name": "openSUSE-SU-2016:3160",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2016-7875",
    "datePublished": "2016-12-15T06:31:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T02:13:20.310Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted