CVE-2013-2555: Integer Overflow
First published: Mon Mar 11 2013(Updated: )
Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | <=11.1.115.48 | |
| Android | >=4.0<=4.4.4 | |
| Adobe Acrobat Reader | <=11.1.111.44 | |
| Android | >=2.0<=3.2.6 | |
| Adobe Acrobat Reader | >=11.0<=11.6.602.180 | |
| Apple iOS and macOS | ||
| Microsoft Windows | ||
| Adobe Acrobat Reader | >=11.0<=11.2.202.275 | |
| Linux Kernel | ||
| Adobe AIR SDK | <=3.6.0.6090 | |
| Android | ||
| openSUSE | =11.4 | |
| openSUSE | =12.1 | |
| openSUSE | =12.2 | |
| openSUSE | =12.3 | |
| SUSE Linux Enterprise Desktop with Beagle | =11-sp2 | |
| redhat enterprise Linux desktop | =6.0 | |
| redhat enterprise Linux eus | =5.9 | |
| redhat enterprise Linux eus | =6.4 | |
| redhat enterprise Linux server | =6.0 | |
| redhat enterprise Linux server aus | =5.9 | |
| redhat enterprise Linux server aus | =6.4 | |
| redhat enterprise Linux workstation | =6.0 | |
| Adobe Acrobat Reader | <10.3.183.75 | |
| Adobe Acrobat Reader | <=10.3.183.75 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2013-04/0197.html
- http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.html
- http://marc.info/?l=bugtraq&m=139455789818399&w=2
- http://rhn.redhat.com/errata/RHSA-2013-0730.html
- http://twitter.com/VUPEN/statuses/309713355466227713
- http://twitter.com/thezdi/statuses/309756927301283840
- http://www.adobe.com/support/security/bulletins/apsb13-11.html
Frequently Asked Questions
What is the severity of CVE-2013-2555?
CVE-2013-2555 has a high severity rating due to the potential for arbitrary code execution.
How do I fix CVE-2013-2555?
To fix CVE-2013-2555, update Adobe Flash Player to version 10.3.183.75 or later and Adobe AIR to version 3.7.0.1530 or later.
Which versions of Adobe Flash Player are affected by CVE-2013-2555?
Adobe Flash Player versions before 10.3.183.75 and 11.x before 11.7.700.169 are affected by CVE-2013-2555.
Does CVE-2013-2555 affect Adobe AIR versions?
Yes, CVE-2013-2555 affects Adobe AIR prior to version 3.7.0.1530.
What platforms are vulnerable to CVE-2013-2555?
CVE-2013-2555 impacts users on Windows, Mac OS X, Linux, and certain versions of Android.
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/weakness
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/11.1.115.48
- vendor/google
- canonical/android
- version/android/4.0
- version/android/4.4.4
- version/adobe acrobat reader/11.1.111.44
- version/android/2.0
- version/android/3.2.6
- version/adobe acrobat reader/11.0
- version/adobe acrobat reader/11.6.602.180
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows
- version/adobe acrobat reader/11.2.202.275
- vendor/linux
- canonical/linux kernel
- canonical/adobe air sdk
- version/adobe air sdk/3.6.0.6090
- vendor/opensuse
- canonical/opensuse
- version/opensuse/11.4
- version/opensuse/12.1
- version/opensuse/12.2
- version/opensuse/12.3
- vendor/suse
- canonical/suse linux enterprise desktop with beagle
- version/suse linux enterprise desktop with beagle/11-sp2
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/5.9
- version/redhat enterprise linux eus/6.4
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/5.9
- version/redhat enterprise linux server aus/6.4
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- version/adobe acrobat reader/10.3.183.75