9.3

CVE-2016-6987

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6981.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeFlash Player SwPlatformchrome Version <= 23.0.0.162
   ApplemacOS X Version-
   GoogleChrome Os Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
AdobeFlash Player SwPlatformedge Version <= 23.0.0.162
   MicrosoftWindows 10 Version-
   MicrosoftWindows 8.1 Version-
AdobeFlash Player SwPlatforminternet_explorer Version <= 23.0.0.162
   MicrosoftWindows 10 Version-
   MicrosoftWindows 8.1 Version-
AdobeFlash Player SwEditionesr Version <= 18.0.0.375
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeFlash Player Desktop Runtime Version <= 23.0.0.162
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeFlash Player SwPlatformlinux Version <= 11.2.202.635
   LinuxLinux Kernel Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.87% 0.857
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://www.securitytracker.com/id/1036985
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/93492
Third Party Advisory
VDB Entry