CVE-2013-0646
critical
CVSS v3: —
CVSS v2: 10.0
VIR risk: 10.0
Description
Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@adobe.com — http://www.adobe.com/support/security/bulletins/apsb13-09.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| linux-kernel | | not-affected | |
| macos | | not-affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| adobe | flash_player | up to and including 11.6.602.171 | |
| adobe | flash_player | 11.0 | |
| adobe | flash_player | 11.0.1.152 | |
| adobe | flash_player | 11.0.1.153 | |
| adobe | flash_player | 11.1 | |
| adobe | flash_player | 11.1.102.55 | |
| adobe | flash_player | 11.1.102.59 | |
| adobe | flash_player | 11.1.102.62 | |
| adobe | flash_player | 11.1.102.63 | |
| adobe | flash_player | 11.1.111.5 | |
| adobe | flash_player | 11.1.111.6 | |
| adobe | flash_player | 11.1.111.7 | |
| adobe | flash_player | 11.1.111.8 | |
| adobe | flash_player | 11.1.115.7 | |
| adobe | flash_player | 11.1.115.34 | |
| adobe | flash_player | 11.1.115.36 | |
| adobe | flash_player | 11.2.202.223 | |
| adobe | flash_player | 11.2.202.228 | |
| adobe | flash_player | 11.2.202.233 | |
| adobe | flash_player | 11.2.202.235 | |
| adobe | flash_player | 11.2.202.236 | |
| adobe | flash_player | 11.2.202.238 | |
| adobe | flash_player | 11.2.202.243 | |
| adobe | flash_player | 11.2.202.251 | |
| adobe | flash_player | 11.2.202.258 | |
| adobe | flash_player | 11.2.202.261 | |
| adobe | flash_player | 11.2.202.262 | |
| adobe | flash_player | 11.2.202.270 | |
| adobe | flash_player | 11.2.202.273 | |
| adobe | flash_player | 11.3.300.257 | |
| adobe | flash_player | 11.3.300.262 | |
| adobe | flash_player | 11.3.300.265 | |
| adobe | flash_player | 11.3.300.268 | |
| adobe | flash_player | 11.3.300.270 | |
| adobe | flash_player | 11.3.300.271 | |
| adobe | flash_player | 11.3.300.273 | |
| adobe | flash_player | 11.4.402.265 | |
| adobe | flash_player | 11.4.402.278 | |
| adobe | flash_player | 11.4.402.287 | |
| adobe | flash_player | 11.5.502.110 | |
| adobe | flash_player | 11.5.502.135 | |
| adobe | flash_player | 11.5.502.136 | |
| adobe | flash_player | 11.5.502.146 | |
| adobe | flash_player | 11.5.502.149 | |
| adobe | flash_player | 11.6.602.167 | |
| adobe | flash_player | 11.6.602.168 | |
| adobe | flash_player_for_android | up to and including 11.1.111.43 | |
| adobe | flash_player_for_android | 10.1.106.17 | |
| adobe | flash_player_for_android | 10.2.157.51 | |
| adobe | flash_player_for_android | 10.3.186.7 | |
| adobe | flash_player_for_android | 11.0.1.153 | |
| adobe | flash_player_for_android | 11.1.102.59 | |
| adobe | flash_player_for_android | 11.1.111.5 | |
| adobe | flash_player_for_android | 11.1.111.6 | |
| adobe | flash_player_for_android | 11.1.111.7 | |
| adobe | flash_player_for_android | 11.1.111.8 | |
| adobe | flash_player_for_android | 11.1.111.9 | |
| adobe | flash_player_for_android | 11.1.111.10 | |
| adobe | flash_player_for_android | 11.1.111.16 | |
| adobe | flash_player_for_android | 11.1.111.19 | |
| adobe | flash_player_for_android | 11.1.111.24 | |
| adobe | flash_player_for_android | 11.1.111.29 | |
| adobe | flash_player_for_android | 11.1.111.31 | |
| adobe | flash_player_for_android | 11.1.111.32 | |
| adobe | adobe_air_sdk_and_compiler | up to and including 3.6.0.599 | |
| adobe | adobe_air_sdk | up to and including 3.6.0.597 | |
| adobe | adobe_air_sdk | 3.0.0.4080 | |
| adobe | adobe_air_sdk | 3.1.0.488 | |
| adobe | adobe_air_sdk | 3.2.0.2070 | |
| adobe | adobe_air_sdk | 3.3.0.3650 | |
| adobe | adobe_air_sdk | 3.3.0.3690 | |
| adobe | adobe_air_sdk | 3.4.0.2540 | |
| adobe | adobe_air_sdk | 3.4.0.2710 | |
| adobe | adobe_air_sdk | 3.5.0.600 | |
| adobe | adobe_air_sdk | 3.5.0.880 | |
| adobe | adobe_air_sdk | 3.5.0.890 | |
| adobe | adobe_air_sdk | 3.5.0.1060 | |
| adobe | adobe_air | | |
| adobe | adobe_air | 1.0 | |
| adobe | adobe_air | 1.0.1 | |
| adobe | adobe_air | 1.0.8.4990 | |
| adobe | adobe_air | 1.0.4990 | |
| adobe | adobe_air | 1.1 | |
| adobe | adobe_air | 1.1.0.5790 | |
| adobe | adobe_air | 1.5 | |
| adobe | adobe_air | 1.5.0.7220 | |
| adobe | adobe_air | 1.5.1 | |
| adobe | adobe_air | 1.5.1.8210 | |
| adobe | adobe_air | 1.5.2 | |
| adobe | adobe_air | 1.5.3 | |
| adobe | adobe_air | 1.5.3.9120 | |
| adobe | adobe_air | 1.5.3.9130 | |
| adobe | adobe_air | 2.0.2 | |
| adobe | adobe_air | 2.0.2.12610 | |
| adobe | adobe_air | 2.0.3 | |
| adobe | adobe_air | 2.0.3.13070 | |
| adobe | adobe_air | 2.0.4 | |
| adobe | adobe_air | 2.5.0.16600 | |
| adobe | adobe_air | 2.5.1.17730 | |
| adobe | adobe_air | 2.6 | |
| adobe | adobe_air | 2.6.0.19120 | |
| adobe | adobe_air | 2.6.0.19140 | |
| adobe | adobe_air | 2.7 | |
| adobe | adobe_air | 2.7.0.1948 | |
| adobe | adobe_air | 2.7.0.1953 | |
| adobe | adobe_air | 2.7.0.19480 | |
| adobe | adobe_air | 2.7.0.19530 | |
| adobe | adobe_air | 2.7.1 | |
| adobe | adobe_air | 2.7.1.19610 | |
| adobe | adobe_air | 3.0.0.408 | |
| adobe | adobe_air | 3.0.0.4080 | |
| adobe | adobe_air | 3.1.0.485 | |
| adobe | adobe_air | 3.1.0.488 | |
| adobe | adobe_air | 3.1.0.4880 | |
| adobe | adobe_air | 3.2.0.207 | |
| adobe | adobe_air | 3.2.0.2070 | |
| adobe | adobe_air | 3.3.0.3670 | |
| adobe | adobe_air | 3.4.0.2540 | |
| adobe | adobe_air | 3.4.0.2710 | |
| adobe | adobe_air | 3.5.0.600 | |
| adobe | adobe_air | 3.5.0.880 | |
| adobe | adobe_air | 3.5.0.890 | |
| adobe | adobe_air | 3.5.0.1060 | |
References
- http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00021.html
- http://marc.info/?l=bugtraq&m=139455789818399&w=2
- http://rhn.redhat.com/errata/RHSA-2013-0643.html
- http://www.adobe.com/support/security/bulletins/apsb13-09.html
CWEs
CWE-189