PT-2016-2960 · Adobe+3 · Flash Player+3
Wen Guanxing
·
Published
2016-12-13
·
Updated
2022-11-16
·
CVE-2016-7868
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Adobe Flash Player versions 23.0.0.207 and earlier
Adobe Flash Player versions 11.2.202.644 and earlier
Description
The issue is caused by a buffer boundary violation in the RegExp class of the Flash Player platform. Exploitation of this issue may allow a remote attacker to execute arbitrary code when a user visits a specially crafted webpage or processes a specially crafted file. The vulnerability is related to alternation functionality in the RegExp class.
Recommendations
For Adobe Flash Player versions 23.0.0.207 and earlier, update to a version later than 23.0.0.207 to resolve the issue.
For Adobe Flash Player versions 11.2.202.644 and earlier, update to a version later than 11.2.202.644 to resolve the issue.
As a temporary workaround, consider disabling the alternation functionality in the RegExp class until a patch is available.
Fix
Memory Corruption
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Flash Player
Red Hat
Suse