Multiple vulnerabilities in Adobe Flash Player

Posted: February 27, 2013 in Vulnerabilities
Tags: , ,

vulnerabilities in Adobe Flash Player

Vulnerabilities in Adobe Flash Player

Vulnerability: Multiple vulnerabilities in Adobe Flash Player

Severity Rating: Critical
Patch: Yes
Number of vulnerabilities: 3

CVE ID: CVE-2013-0643
CVE-2013-0648
CVE-2013-0504
Vector of operation: Remote
Impact: Security Bypass, System compromise

Affected Products: Adobe Flash Player 11.x

Affected versions:
Adobe Flash Player 11.6.602.168 and earlier versions for Windows
Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh
Adobe Flash Player 11.2.202.270 and earlier versions for Linux.

Description:

Which can be exploited by malicious people to compromise a vulnerable system.

1. The vulnerability is caused due to an error related to permissions in the sandpit expansion Flash Player for Firefox. This can be exploited to bypass security restrictions on the target system.

2. An error in the function ExternalInterface ActionScript. A remote user can execute arbitrary code on the target system.

Note: Vulnerabilities number 1 and 2 in active use today.

3. An error in the service broker. A remote user can execute arbitrary code on the target system.

Manufacturer URL: http://www.adobe.com/

Solution: The way to eliminate the vulnerability does not exist at present.

Link:
https://www.adobe.com/support/security/bulletins/apsb13-08.html

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s