Submitted by Vincent (CVE) Danen on Thu, 09/17/2015 - 18:19
Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 220.127.116.110 on Linux, before 18.104.22.168 on Android 2.x and 3.x, and before 22.214.171.124 on Android 4.x; Adobe AIR before 126.96.36.1990; and Adobe AIR SDK & Compiler before 188.8.131.520 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
This issue affects the version of flash-plugin as shipped with Red Hat Enterprise Linux 5 and 6. Updates will be released as soon as they are made generally available by Adobe.
CVE-2013-2555 flash-plugin: Remote attackers able to execute arbitrary code via vectors that leverage an 'overflow' (CanSecWest 2013)