CVE-2013-2555

11.03.2013, 10:55

Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 88%

Vendor	Product	Version
adobe	flash_player	𝑥 ≤ 11.1.115.48
adobe	flash_player	𝑥 ≤ 11.1.111.44
adobe	flash_player	11.0 ≤ 𝑥 ≤ 11.6.602.180
adobe	flash_player	11.0 ≤ 𝑥 ≤ 11.2.202.275
adobe	air	𝑥 ≤ 3.6.0.6090
opensuse	opensuse	11.4
opensuse	opensuse	12.1
opensuse	opensuse	12.2
opensuse	opensuse	12.3
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_eus	5.9
redhat	enterprise_linux_eus	6.4
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server_aus	5.9
redhat	enterprise_linux_server_aus	6.4
redhat	enterprise_linux_workstation	6.0
adobe	flash_player	𝑥 < 10.3.183.75
adobe	flash_player	𝑥 ≤ 10.3.183.75

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

adobe-flashplugin

quantal	not-affected
precise	not-affected
oneiric	not-affected
lucid	not-affected
hardy	ignored

flashplugin-nonfree

quantal	not-affected
precise	not-affected
oneiric	not-affected
lucid	not-affected
hardy	ignored

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

http://archives.neohapsis.com/archives/bugtraq/2013-04/0197.html

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html

http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.html

http://marc.info/?l=bugtraq&m=139455789818399&w=2

http://rhn.redhat.com/errata/RHSA-2013-0730.html

http://twitter.com/VUPEN/statuses/309713355466227713

http://twitter.com/thezdi/statuses/309756927301283840

http://www.adobe.com/support/security/bulletins/apsb13-11.html

http://archives.neohapsis.com/archives/bugtraq/2013-04/0197.html

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html

http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.html

http://marc.info/?l=bugtraq&m=139455789818399&w=2

http://rhn.redhat.com/errata/RHSA-2013-0730.html

http://twitter.com/VUPEN/statuses/309713355466227713

http://twitter.com/thezdi/statuses/309756927301283840

http://www.adobe.com/support/security/bulletins/apsb13-11.html