| Title | Adobe Flash Player の MovieClip クラスにおける任意のコードを実行される脆弱性 |
|---|---|
| Summary | Adobe Flash Player の MovieClip クラスには、複数の presentation レベルのオブジェクトに関する処理に不備があるため、解放済みメモリの使用 (Use-after-free) により、任意のコードを実行される脆弱性が存在します。 |
| Possible impacts | 任意のコードを実行される可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Dec. 13, 2016, midnight |
| Registration Date | Dec. 16, 2016, 1:58 p.m. |
| Last Update | Dec. 16, 2016, 1:58 p.m. |
| CVSS3.0 : 緊急 | |
| Score | 9.8 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVSS2.0 : 危険 | |
| Score | 10 |
|---|---|
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| アドビシステムズ |
| Adobe Flash Player 24.0.0.186 未満 (Linux) |
| Adobe Flash Player 24.0.0.186 未満 (Windows 10/8.1 版の Microsoft Edge/Internet Explorer 11) |
| Adobe Flash Player 24.0.0.186 未満 (Windows/Macintosh/Linux/ChromeOS 版の Chrome) |
| Adobe Flash Player デスクトップランタイム 24.0.0.186 未満 (Windows/Macintosh) |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2016年12月16日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation levels. Successful exploitation could lead to arbitrary code execution. |
|---|---|
| Publication Date | Dec. 15, 2016, 3:59 p.m. |
| Registration Date | Jan. 26, 2021, 2:17 p.m. |
| Last Update | Nov. 21, 2024, 11:58 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:* | 23.0.0.207 | ||||
| execution environment | |||||
| 1 | cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:* | ||||
| 2 | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* | ||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:* | 23.0.0.207 | ||||
| cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:* | 23.0.0.207 | ||||
| execution environment | |||||
| 1 | cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:* | ||||
| 2 | cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:* | ||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:* | 23.0.0.207 | ||||
| execution environment | |||||
| 1 | cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:* | ||||
| 2 | cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:* | ||||
| 3 | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* | ||||
| 4 | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* | ||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* | 11.2.202.644 | ||||
| execution environment | |||||
| 1 | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* | ||||