CVE-2013-0639: Integer Overflow
First published: Tue Feb 12 2013(Updated: )
Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Macromedia Flash Player | >=10.3<10.3.183.63 | |
| Macromedia Flash Player | >=11.6<11.6.602.168 | |
| Microsoft Windows Operating System | ||
| Macromedia Flash Player | >=10.3<10.3.183.61 | |
| Macromedia Flash Player | >=11.2<11.2.202.270 | |
| Linux Kernel | ||
| Macromedia Flash Player | >=11.1<11.1.111.43 | |
| Android | >=2.0<=2.3.7 | |
| Android | >=3.0<=3.2.6 | |
| Macromedia Flash Player | >=11.1<11.1.115.47 | |
| Android | >=4.0<=4.4.4 | |
| Adobe | <3.6.0.597 | |
| Adobe AIR | <3.6.0.599 | |
| Macromedia Flash Player | >=11.6<11.6.602.167 | |
| Apple iOS and macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html
- http://rhn.redhat.com/errata/RHSA-2013-0254.html
- http://www.adobe.com/support/security/bulletins/apsb13-05.html
- http://www.us-cert.gov/cas/techalerts/TA13-043A.html
Frequently Asked Questions
What is the severity of CVE-2013-0639?
CVE-2013-0639 has been classified as a critical vulnerability due to the potential for arbitrary code execution.
How do I fix CVE-2013-0639?
To mitigate CVE-2013-0639, users should update Adobe Flash Player to versions 10.3.183.63 or 11.6.602.168 or later.
What versions of Adobe Flash Player are affected by CVE-2013-0639?
CVE-2013-0639 affects Adobe Flash Player versions before 10.3.183.63, 11.x before 11.6.602.168 on Windows, and various earlier versions on other platforms.
Is CVE-2013-0639 applicable to mobile versions of Adobe Flash Player?
Yes, CVE-2013-0639 affects Adobe Flash Player versions prior to 11.1.111.43 on Android 2.x and 3.x devices.
What types of attacks could exploit CVE-2013-0639?
CVE-2013-0639 could be exploited through crafted Flash content that leads to an integer overflow, potentially allowing an attacker to execute arbitrary code.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/macromedia flash player
- version/macromedia flash player/10.3
- version/macromedia flash player/11.6
- vendor/microsoft
- canonical/microsoft windows operating system
- version/macromedia flash player/11.2
- vendor/linux
- canonical/linux kernel
- version/macromedia flash player/11.1
- vendor/google
- canonical/android
- version/android/2.0
- version/android/2.3.7
- version/android/3.0
- version/android/3.2.6
- version/android/4.0
- version/android/4.4.4
- canonical/adobe
- canonical/adobe air
- vendor/apple
- canonical/apple ios and macos