CVE-2013-2555

Published: Mar 11, 2013Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.

Affected (19)

Products: Adobe: Flash Player, Air · Opensuse: Opensuse · Suse: Linux Enterprise Desktop · +1 more

Show all products

Adobe: Flash Player, Air · Opensuse: Opensuse · Suse: Linux Enterprise Desktop · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Workstation

2 products

1 product

1 product

Linux Enterprise Desktop

5 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Workstation

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 11.1.115.48

Running on/with	Platform Versions
Google Android	From 4.0 to 4.4.4

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 11.1.111.44

Running on/with	Platform Versions
Google Android	From 2.0 to 3.2.6

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Flash Player	From 11.0 to 11.6.602.180

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Flash Player	From 11.0 to 11.2.202.275

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Air	Up to 3.6.0.6090

Running on/with	Platform Versions
Google Android	All versions

Configuration F

5 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.4
Opensuse Opensuse	Version 12.1
Opensuse Opensuse	Version 12.2
Opensuse Opensuse	Version 12.3
Suse Linux Enterprise Desktop	Version 11 sp2

Configuration G

7 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Eus	Version 5.9
Redhat Enterprise Linux Eus	Version 6.4
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server Aus	Version 5.9
Redhat Enterprise Linux Server Aus	Version 6.4
Redhat Enterprise Linux Workstation	Version 6.0

Configuration H

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Before 10.3.183.75

Running on/with	Platform Versions
Apple Macos	All versions
Microsoft Windows	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 10.3.183.75

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (20)

http://archives.neohapsis.com/archives/bugtraq/2013-04/0197.html

Source: cve@mitre.org

Broken Link

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157

Source: cve@mitre.org

Permissions Required

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=139455789818399&w=2

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0730.html

Source: cve@mitre.org

Third Party Advisory

http://twitter.com/VUPEN/statuses/309713355466227713

Source: cve@mitre.org

Broken Link

http://twitter.com/thezdi/statuses/309756927301283840

Source: cve@mitre.org

Third Party Advisory

http://www.adobe.com/support/security/bulletins/apsb13-11.html

Source: cve@mitre.org

Vendor Advisory

http://archives.neohapsis.com/archives/bugtraq/2013-04/0197.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=139455789818399&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0730.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://twitter.com/VUPEN/statuses/309713355466227713

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://twitter.com/thezdi/statuses/309756927301283840

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.adobe.com/support/security/bulletins/apsb13-11.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.