CVE-2013-2555
Last modified
CVE-2013-2555 is a vulnerability of currently unknown severity. Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013. EPSS estimates an 8.46% chance of exploitation in the next 30 days.
Description
Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Adobe | Flash Player | <= 11.1.115.48 | — |
| Adobe | Flash Player | <= 11.1.111.44 | — |
| Adobe | Flash Player | >= 11.0, <= 11.6.602.180 | — |
| Adobe | Flash Player | >= 11.0, <= 11.2.202.275 | — |
| Adobe | Air | <= 3.6.0.6090 | — |
| Opensuse | Opensuse | 11.4 | — |
| Opensuse | Opensuse | 12.1 | — |
| Opensuse | Opensuse | 12.2 | — |
| Opensuse | Opensuse | 12.3 | — |
| Suse | Linux Enterprise Desktop | 11 | Sp2 |
| Redhat | Enterprise Linux Desktop | 6.0 | — |
| Redhat | Enterprise Linux Eus | 5.9 | — |
| Redhat | Enterprise Linux Eus | 6.4 | — |
| Redhat | Enterprise Linux Server | 6.0 | — |
| Redhat | Enterprise Linux Server Aus | 5.9 | — |
| Redhat | Enterprise Linux Server Aus | 6.4 | — |
| Redhat | Enterprise Linux Workstation | 6.0 | — |
| Adobe | Flash Player | < 10.3.183.75 | — |
| Adobe | Flash Player | <= 10.3.183.75 | — |
References
- http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157 (Permissions Required)
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.html (Mailing List, Third Party Advisory)
- http://marc.info/?l=bugtraq&m=139455789818399&w=2 (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0730.html (Third Party Advisory)
- http://twitter.com/thezdi/statuses/309756927301283840 (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
