Lucene search

[email protected]CVE-2013-2555

HistoryMar 11, 2013 - 10:55 a.m.

CVE-2013-2555

2013-03-1110:55:01

CWE-190

[email protected]

web.nvd.nist.gov

121

cve

adobe flash player

integer overflow

remote code execution

vupen

pwn2own

cansecwest 2013

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.322 Low

EPSS

Percentile

97.0%

JSON

Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.

Affected configurations

NVD

Node

adobeflash_playerRange≤11.1.115.48

AND

googleandroidRange4.0–4.4.4

Node

adobeflash_playerRange≤11.1.111.44

AND

googleandroidRange2.0–3.2.6

Node

adobeflash_playerRange11.0–11.6.602.180

AND

applemacosMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange11.0–11.2.202.275

AND

linuxlinux_kernelMatch-

Node

adobeairRange≤3.6.0.6090

AND

applemacosMatch-

googleandroidMatch-

microsoftwindowsMatch-

Node

opensuseopensuseMatch11.4

opensuseopensuseMatch12.1

opensuseopensuseMatch12.2

opensuseopensuseMatch12.3

suselinux_enterprise_desktopMatch11sp2

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch5.9

redhatenterprise_linux_eusMatch6.4

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_ausMatch5.9

redhatenterprise_linux_server_ausMatch6.4

redhatenterprise_linux_workstationMatch6.0

Node

adobeflash_playerRange<10.3.183.75

AND

applemacosMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange≤10.3.183.75

AND

linuxlinux_kernelMatch-

CPENameOperatorVersion
adobe:flash_playeradobe flash playerle11.1.115.48

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	le	11.1.115.48

References

archives.neohapsis.com/archives/bugtraq/2013-04/0197.html

h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157

lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html

lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html

lists.opensuse.org/opensuse-updates/2013-04/msg00081.html

marc.info/?l=bugtraq&m=139455789818399&w=2

rhn.redhat.com/errata/RHSA-2013-0730.html

twitter.com/thezdi/statuses/309756927301283840

twitter.com/VUPEN/statuses/309713355466227713

www.adobe.com/support/security/bulletins/apsb13-11.html

Social References

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.322 Low

EPSS

Percentile

97.0%

JSON

Related for CVE-2013-2555

checkpoint_advisories1 prion1 nvd1 zdi1 ubuntucve1 securityvulns4 seebug1 cvelist1 nessus15 suse3 openvas13 redhat1 gentoo1