[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-2555Date: (C)2013-03-15   (M)2023-12-22


Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
http://archives.neohapsis.com/archives/bugtraq/2013-04/0197.html
HPSBMU02948
IAVM:2013-A-0075
RHSA-2013:0730
SUSE-SU-2013:0670
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
http://twitter.com/VUPEN/statuses/309713355466227713
http://twitter.com/thezdi/statuses/309756927301283840
http://www.adobe.com/support/security/bulletins/apsb13-11.html
openSUSE-SU-2013:0672
openSUSE-SU-2013:0675

CPE    154
cpe:/a:adobe:flash_player:11.3.300.257
cpe:/a:adobe:adobe_air:3.5.0.890
cpe:/a:adobe:flash_player:10.3.183.15
cpe:/a:adobe:flash_player:10.3.183.11
...
CWE    1
CWE-189
OVAL    10
oval:org.secpod.oval:def:505605
oval:org.secpod.oval:def:400530
oval:org.secpod.oval:def:10029
oval:org.secpod.oval:def:10764
...

© SecPod Technologies