CVE-2013-2555

Adobe Flash Player <10.3.183.75-11.7.700.169 - RCE

Title source: llm

Description

Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.

References (10)

Core References
Broken Link mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-04/0197.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html
Third Party Advisory x_refsource_misc
http://twitter.com/thezdi/statuses/309756927301283840
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=139455789818399&w=2
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0730.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html

Scores

EPSS 0.0706
EPSS Percentile 91.6%

Details

CWE
CWE-190
Status published
Products (14)
adobe/air < 3.6.0.6090
adobe/flash_player < 11.1.115.48
opensuse/opensuse 11.4
opensuse/opensuse 12.1
opensuse/opensuse 12.2
opensuse/opensuse 12.3
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_eus 5.9
redhat/enterprise_linux_eus 6.4
redhat/enterprise_linux_server 6.0
... and 4 more
Published Mar 11, 2013
Tracked Since Feb 18, 2026