CVE-2013-2555 — HIGH (10.0)

Q: How severe is CVE-2013-2555?

CVE-2013-2555 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-2555?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Google Android, Apple Macos, Microsoft Windows, Linux Linux Kernel.

Vulnerability Description

Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Adobe	Flash Player	<= 11.1.115.48
Google	Android	>= 4.0, <= 4.4.4
Apple	Macos	-
Microsoft	Windows	-
Linux	Linux Kernel	-
Adobe	Air	<= 3.6.0.6090
Opensuse	Opensuse	11.4
Suse	Linux Enterprise Desktop	11
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Eus	5.9
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Server Aus	5.9
Redhat	Enterprise Linux Workstation	6.0

Related Weaknesses (CWE)

CWE-190

References

http://archives.neohapsis.com/archives/bugtraq/2013-04/0197.htmlBroken Link
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157Permissions Required
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.htmlMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=139455789818399&w=2Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0730.htmlThird Party Advisory
http://twitter.com/VUPEN/statuses/309713355466227713Broken Link
http://twitter.com/thezdi/statuses/309756927301283840Third Party Advisory
http://www.adobe.com/support/security/bulletins/apsb13-11.htmlVendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2013-04/0197.htmlBroken Link
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157Permissions Required
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2013-2555?

CVE-2013-2555 is a vulnerability with a CVSS score of 10.0 (HIGH). Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android ...

How severe is CVE-2013-2555?

CVE-2013-2555 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-2555?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Google Android, Apple Macos, Microsoft Windows, Linux Linux Kernel.