Skip to main content

Adobe Flash Player / AIR Buffer Overflow Vulnerability

Last Update Date: 9 Jan 2013 14:17 Release Date: 9 Jan 2013 4972 Views

RISK: High Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

A vulnerability has been identified in Adobe Flash Player and Adobe AIR, which can be exploited by malicious people to compromise a user's system.

 

The vulnerability is caused due to an unspecified error and can be exploited to cause a buffer overflow.

 

Successful exploitation may allow execution of arbitrary code.


Impact

  • Remote Code Execution

System / Technologies affected

  • Adobe Flash Player versions 11.5.502.135 and prior for Windows
  • Adobe Flash Player versions 11.5.502.136 and prior for Macintosh
  • Adobe Flash Player versions 11.2.202.258 and prior for Linux
  • Adobe Flash Player versions 11.1.115.34 and prior for Android 4.x
  • Adobe Flash Player versions 11.1.111.29 and prior for Android 3.x and 2.x
  • Adobe Flash Player for Google Chrome and Internet Explorer 10 for Windows 8
  • Adobe AIR versions 3.5.0.880 and prior for Windows and Macintosh
  • Adobe AIR version 3.5.0.880 for Android
  • Adobe AIR version 3.5.0.880 SDK and Adobe AIR version 3.5.0.890 SDK

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to a fixed version.
    http://www.adobe.com/support/security/bulletins/apsb13-01.html
  • Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.137 for Windows, Macintosh and Linux.
  • Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.378.5 for Windows.

Vulnerability Identifier


Source


Related Link