CVE-2013-2555

EPSS 5.98%
Veröffentlicht 11.03.2013 10:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Flash Player Version <= 11.1.115.48

Google ≫ Android Version >= 4.0 <= 4.4.4

Adobe ≫ Flash Player Version <= 11.1.111.44

Google ≫ Android Version >= 2.0 <= 3.2.6

Adobe ≫ Flash Player Version >= 11.0 <= 11.6.602.180

Apple ≫ macOS Version-
Microsoft ≫ Windows Version-

Adobe ≫ Flash Player Version >= 11.0 <= 11.2.202.275

Linux ≫ Linux Kernel Version-

Adobe ≫ Air Version <= 3.6.0.6090

   Apple ≫ macOS Version-
   Google ≫ Android Version-
   Microsoft ≫ Windows Version-

Opensuse ≫ Opensuse Version11.4

Opensuse ≫ Opensuse Version12.1

Opensuse ≫ Opensuse Version12.2

Opensuse ≫ Opensuse Version12.3

Suse ≫ Linux Enterprise Desktop Version11 Updatesp2

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Eus Version5.9

Redhat ≫ Enterprise Linux Eus Version6.4

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Aus Version5.9

Redhat ≫ Enterprise Linux Server Aus Version6.4

Redhat ≫ Enterprise Linux Workstation Version6.0

Adobe ≫ Flash Player Version < 10.3.183.75

Apple ≫ macOS Version-
Microsoft ≫ Windows Version-

Adobe ≫ Flash Player Version <= 10.3.183.75

Linux ≫ Linux Kernel Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.98%	0.903

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

http://marc.info/?l=bugtraq&m=139455789818399&w=2

Third Party Advisory

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157

Permissions Required

http://archives.neohapsis.com/archives/bugtraq/2013-04/0197.html

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html

Third Party Advisory

Mailing List