| Title | Adobe Flash Player における任意のコードを実行される脆弱性 |
|---|---|
| Summary | Adobe Flash Player には、添付されたスクリプトオブジェクトを処理する際、解放済みメモリの使用 (Use-after-free) により、任意のコードを実行される脆弱性が存在します。 |
| Possible impacts | 任意のコードを実行される可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Dec. 13, 2016, midnight |
| Registration Date | Dec. 16, 2016, 1:58 p.m. |
| Last Update | Dec. 16, 2016, 1:58 p.m. |
| CVSS3.0 : 緊急 | |
| Score | 9.8 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVSS2.0 : 危険 | |
| Score | 10 |
|---|---|
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| アドビシステムズ |
| Adobe Flash Player 24.0.0.186 未満 (Linux) |
| Adobe Flash Player 24.0.0.186 未満 (Windows 10/8.1 版の Microsoft Edge/Internet Explorer 11) |
| Adobe Flash Player 24.0.0.186 未満 (Windows/Macintosh/Linux/ChromeOS 版の Chrome) |
| Adobe Flash Player デスクトップランタイム 24.0.0.186 未満 (Windows/Macintosh) |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2016年12月16日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution. |
|---|---|
| Publication Date | Dec. 15, 2016, 3:59 p.m. |
| Registration Date | Jan. 26, 2021, 2:17 p.m. |
| Last Update | Nov. 21, 2024, 11:58 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:* | 23.0.0.207 | ||||
| execution environment | |||||
| 1 | cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:* | ||||
| 2 | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* | ||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:* | 23.0.0.207 | ||||
| cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:* | 23.0.0.207 | ||||
| execution environment | |||||
| 1 | cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:* | ||||
| 2 | cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:* | ||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:* | 23.0.0.207 | ||||
| execution environment | |||||
| 1 | cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:* | ||||
| 2 | cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:* | ||||
| 3 | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* | ||||
| 4 | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* | ||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* | 11.2.202.644 | ||||
| execution environment | |||||
| 1 | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* | ||||