|Bugzilla:||920186: CVE-2013-2555 flash-plugin: Remote attackers able to execute arbitrary code via vectors that leverage an 'overflow' (CanSecWest 2013)|
The MITRE CVE dictionary describes this issue as:
Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 184.108.40.2060 on Linux, before 220.127.116.11 on Android 2.x and 3.x, and before 18.104.22.168 on Android 4.x; Adobe AIR before 22.214.171.1240; and Adobe AIR SDK & Compiler before 126.96.36.1990 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
This issue affects the version of flash-plugin as shipped with Red Hat Enterprise Linux 5 and 6. Updates will be released as soon as they are made generally available by Adobe.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|Red Hat Enterprise Linux Server Supplementary (v. 5) (flash-plugin)||RHSA-2013:0730||April 10, 2013|
|Red Hat Enterprise Linux Supplementary version 6 (flash-plugin)||RHSA-2013:0730||April 10, 2013|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.