Vulnerability CVE-2013-2555


Published: 2013-03-11   Modified: 2013-03-15

Description:
Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.

See advisories in our WLB2 database:
Topic: [High] Adobe Flash Player Code Execution
Author: VUPEN
Date: 20.04.2013

Type: CWE-189 (Numeric Errors)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software
Redhat -> Enterprise linux 
Opensuse -> Opensuse 
Novell -> Opensuse 
Novell -> Suse linux enterprise desktop 
Adobe -> Flash player 
Adobe -> Adobe air 
Adobe -> Adobe air sdk 

 References:
http://archives.neohapsis.com/archives/bugtraq/2013-04/0197.html
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.html
http://marc.info/?l=bugtraq&m=139455789818399&w=2
http://rhn.redhat.com/errata/RHSA-2013-0730.html
http://twitter.com/thezdi/statuses/309756927301283840
http://twitter.com/VUPEN/statuses/309713355466227713
http://www.adobe.com/support/security/bulletins/apsb13-11.html

Copyright 2024, cxsecurity.com

 
