|Bugzilla:||920186: CVE-2013-2555 flash-plugin: Remote attackers able to execute arbitrary code via vectors that leverage an 'overflow' (CanSecWest 2013)|
The MITRE CVE dictionary describes this issue as:
Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 188.8.131.520 on Linux, before 184.108.40.206 on Android 2.x and 3.x, and before 220.127.116.11 on Android 4.x; Adobe AIR before 18.104.22.1680; and Adobe AIR SDK & Compiler before 22.214.171.1240 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
This issue affects the version of flash-plugin as shipped with Red Hat Enterprise Linux 5 and 6. Updates will be released as soon as they are made generally available by Adobe.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|Red Hat Enterprise Linux Server Supplementary (v. 5) (flash-plugin)||RHSA-2013:0730||April 10, 2013|
|Red Hat Enterprise Linux Supplementary version 6 (flash-plugin)||RHSA-2013:0730||April 10, 2013|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.