CVE-2013-2555: Integer Overflow
First published: Mon Mar 11 2013(Updated: )
Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Macromedia Flash Player | <=11.1.115.48 | |
| Android | >=4.0<=4.4.4 | |
| Macromedia Flash Player | <=11.1.111.44 | |
| Android | >=2.0<=3.2.6 | |
| Macromedia Flash Player | >=11.0<=11.6.602.180 | |
| macOS | ||
| Microsoft Windows Operating System | ||
| Macromedia Flash Player | >=11.0<=11.2.202.275 | |
| Linux Kernel | ||
| Adobe | <=3.6.0.6090 | |
| Android | ||
| openSUSE | =11.4 | |
| openSUSE | =12.1 | |
| openSUSE | =12.2 | |
| openSUSE | =12.3 | |
| SUSE Linux Enterprise Desktop | =11-sp2 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Server EUS | =5.9 | |
| Red Hat Enterprise Linux Server EUS | =6.4 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =5.9 | |
| Red Hat Enterprise Linux Server | =6.4 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| Macromedia Flash Player | <10.3.183.75 | |
| Macromedia Flash Player | <=10.3.183.75 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2013-04/0197.html
- http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.html
- http://marc.info/?l=bugtraq&m=139455789818399&w=2
- http://rhn.redhat.com/errata/RHSA-2013-0730.html
- http://twitter.com/VUPEN/statuses/309713355466227713
- http://twitter.com/thezdi/statuses/309756927301283840
- http://www.adobe.com/support/security/bulletins/apsb13-11.html
Frequently Asked Questions
What is the severity of CVE-2013-2555?
CVE-2013-2555 has a high severity rating due to the potential for arbitrary code execution.
How do I fix CVE-2013-2555?
To fix CVE-2013-2555, update Adobe Flash Player to version 10.3.183.75 or later and Adobe AIR to version 3.7.0.1530 or later.
Which versions of Adobe Flash Player are affected by CVE-2013-2555?
Adobe Flash Player versions before 10.3.183.75 and 11.x before 11.7.700.169 are affected by CVE-2013-2555.
Does CVE-2013-2555 affect Adobe AIR versions?
Yes, CVE-2013-2555 affects Adobe AIR prior to version 3.7.0.1530.
What platforms are vulnerable to CVE-2013-2555?
CVE-2013-2555 impacts users on Windows, Mac OS X, Linux, and certain versions of Android.
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/weakness
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/macromedia flash player
- version/macromedia flash player/11.1.115.48
- vendor/google
- canonical/android
- version/android/4.0
- version/android/4.4.4
- version/macromedia flash player/11.1.111.44
- version/android/2.0
- version/android/3.2.6
- version/macromedia flash player/11.0
- version/macromedia flash player/11.6.602.180
- vendor/apple
- canonical/macos
- vendor/microsoft
- canonical/microsoft windows operating system
- version/macromedia flash player/11.2.202.275
- vendor/linux
- canonical/linux kernel
- canonical/adobe
- version/adobe/3.6.0.6090
- vendor/opensuse
- canonical/opensuse
- version/opensuse/11.4
- version/opensuse/12.1
- version/opensuse/12.2
- version/opensuse/12.3
- vendor/suse
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/11-sp2
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/5.9
- version/red hat enterprise linux server eus/6.4
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/5.9
- version/red hat enterprise linux server/6.4
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/6.0
- version/macromedia flash player/10.3.183.75