System compromise in Adobe Flash Player and Adobe AIR

Posted: January 9, 2013 in Vulnerabilities
Tags: , ,

Vulnerability

Adobe Flash Player

Vulnerability: System compromise in Adobe Flash Player and Adobe AIR

Danger: High
Patch: Yes
Number of vulnerabilities: 1

CVE ID: CVE-2013-0630
Vector of operation: Remote
Impact: System Compromise

Affected Products: Adobe AIR 3.x, Adobe Flash Player 10.x, Adobe Flash Player 11.x

Affected versions:

- Adobe Flash Player 11.5.502.135 for Windows, probably other versions;
- Adobe Flash Player 11.5.502.136 for Mac, probably other versions;
- Adobe Flash Player 11.2.202.258 for Linux, probably other versions;
- Adobe Flash Player 11.1.115.34 for Android 4.x, probably other versions;
- Adobe Flash Player 11.1.111.29 for Android 3.x and 2.x, probably other versions;
- Adobe AIR 3.5.0.880 for Windows, probably other versions;
- Adobe AIR 3.5.0.890 for Macintosh, probably other versions;
- Adobe AIR 3.5.0.880 for Android, probably other versions;
- Adobe AIR 3.5.0.880 SDK, probably other versions;
- Adobe AIR 3.5.0.890 SDK, probably other versions.

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability is caused due to an unspecified error. This can be exploited to cause a buffer overflow and potentially execute arbitrary code.

Manufacturer URL: http://www.adobe.com/products/flashplayer.html

Solution: Install the latest version from the manufacturer.

Links:

http://www.adobe.com/support/security/bulletins/apsb13-01.html

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s