Vulnerability CVE-2013-2555

Vulnerability Name:

CVE-2013-2555 (CCN-82773)

Assigned:

2013-03-02

Published:

2013-03-02

Updated:

2021-09-08

Summary:

Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-190

Vulnerability Consequences:

Gain Access

References:

Vulnerable Configuration:

Configuration 1:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 11.1.115.48)

AND

cpe:/o:google:android:*:*:*:*:*:*:*:* (Version >= 4.0 and <= 4.4.4)

Configuration 2:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 11.1.111.44)

AND

cpe:/o:google:android:*:*:*:*:*:*:*:* (Version >= 2.0 and <= 3.2.6)

Configuration 3:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 11.0 and <= 11.6.602.180)

AND

cpe:/o:apple:macos:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 11.0 and <= 11.2.202.275)

AND

cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 5:

cpe:/a:adobe:air:*:*:*:*:*:*:*:* (Version <= 3.6.0.6090)

AND

cpe:/o:apple:macos:-:*:*:*:*:*:*:*

OR cpe:/o:google:android:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 6:

cpe:/o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:12.1:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*

Configuration 7:

cpe:/o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 8:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version < 10.3.183.75)

AND

cpe:/o:apple:macos:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 9:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 10.3.183.75)

AND

cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:adobe:flash_player:11.01.152:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.01.153:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.102.55:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.102.62:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.115.63:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.111.6:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.102.63:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.111.7:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.115.81:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.111.8:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.115.7:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.3.300.270:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.6.602.171:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:26.0.1410.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20132555	V	CVE-2013-2555	2022-05-20
oval:org.opensuse.security:def:10711	P	Security update for MozillaThunderbird (Important)	2022-01-12
oval:org.opensuse.security:def:51768	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:10663	P	Security update for ffmpeg (Moderate)	2021-10-26
oval:org.opensuse.security:def:51662	P	Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)	2021-09-23
oval:org.opensuse.security:def:10692	P	Security update for ffmpeg (Important)	2021-09-02
oval:org.opensuse.security:def:51934	P	Security update for libsndfile (Critical)	2021-08-05
oval:org.opensuse.security:def:5792	P	Security update for apache-commons-compress (Important)	2021-08-05
oval:org.opensuse.security:def:5770	P	Security update for sqlite3 (Important)	2021-07-14
oval:org.opensuse.security:def:11513	P	cups-pk-helper-0.2.5-3.75 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:76830	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17001	P	flash-player-11.2.202.406-1.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11535	P	freerdp-1.0.2-7.9 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10644	P	Security update for the Linux Kernel (Important)	2021-06-08
oval:org.opensuse.security:def:48670	P	flash-player-11.2.202.406-1.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17049	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48718	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11300	P	flash-player-11.2.202.406-1.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11465	P	sysvinit-tools-2.88+-94.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:76596	P	flash-player-11.2.202.406-1.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11534	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11487	P	zoo-2.10-1020.62 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10677	P	Security update for MozillaThunderbird (Moderate)	2021-06-04
oval:org.opensuse.security:def:6026	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:51896	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:38122	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:6004	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:38103	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:52002	P	Security update for python (Important)	2021-02-11
oval:org.opensuse.security:def:51723	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:51485	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:5344	P	Security update for flac (Moderate)	2020-12-24
oval:org.opensuse.security:def:51088	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:51089	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:10584	P	Security update for MozillaThunderbird (Important)	2020-12-07
oval:org.opensuse.security:def:5053	P	Security update for the Linux Kernel (Important)	2020-12-02
oval:org.opensuse.security:def:5183	P	Security update for mozilla-nss (Moderate)	2020-12-02
oval:org.opensuse.security:def:5335	P	Security update for tomcat (Important)	2020-12-02
oval:org.opensuse.security:def:5366	P	Security update for samba (Important)	2020-12-02
oval:org.opensuse.security:def:4887	P	Security update for xen (Important)	2020-12-02
oval:org.opensuse.security:def:5043	P	Security update for pacemaker (Important)	2020-12-02
oval:org.opensuse.security:def:5075	P	Security update for rubygem-activesupport-5_1 (Critical)	2020-12-02
oval:org.opensuse.security:def:5202	P	Security update for webkit2gtk3 (Important)	2020-12-02
oval:org.opensuse.security:def:4811	P	Security update for apache2 (Moderate)	2020-12-02
oval:org.opensuse.security:def:5110	P	Security update for rubygem-actionpack-5_1 (Important)	2020-12-02
oval:org.opensuse.security:def:4934	P	Security update for libvirt (Important)	2020-12-02
oval:org.opensuse.security:def:5068	P	Security update for samba (Moderate)	2020-12-02
oval:org.opensuse.security:def:5121	P	Security update for the Linux Kernel (Important)	2020-12-02
oval:org.opensuse.security:def:5277	P	Security update for spamassassin (Important)	2020-12-02
oval:org.opensuse.security:def:5045	P	Security update for graphviz (Moderate)	2020-12-02
oval:org.opensuse.security:def:5119	P	Security update for the Linux Kernel (Important)	2020-12-02
oval:org.opensuse.security:def:4819	P	Security update for apache2 (Important)	2020-12-02
oval:org.opensuse.security:def:4949	P	Security update for spice-gtk (Moderate)	2020-12-02
oval:org.opensuse.security:def:5101	P	Security update for the Linux Kernel (Important)	2020-12-02
oval:org.opensuse.security:def:5168	P	Security update for nodejs8 (Critical)	2020-12-02
oval:org.opensuse.security:def:5302	P	Security update for zstd (Moderate)	2020-12-02
oval:org.opensuse.security:def:5132	P	Security update for samba (Important)	2020-12-02
oval:org.opensuse.security:def:5353	P	Security update for apache2 (Moderate)	2020-12-02
oval:org.opensuse.security:def:4841	P	Security update for 389-ds (Important)	2020-12-02
oval:org.opensuse.security:def:4968	P	Security update for php7 (Moderate)	2020-12-02
oval:org.opensuse.security:def:37307	P	ppc64-diag on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10629	P	augeas-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10763	P	libneon-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52612	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:10630	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:10786	P	librsvg-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52765	P	Security update for the Linux Kernel (Live Patch 15 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:51251	P	Security update for djvulibre (Moderate)	2020-12-01
oval:org.opensuse.security:def:38094	P	wpa_supplicant on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38846	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51345	P	Security update for freetype2 (Important)	2020-12-01
oval:org.opensuse.security:def:38852	P	gnome-shell-calendar on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37308	P	ppp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37640	P	perl-Config-IniFiles on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38006	P	mozilla-nspr-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10554	P	libtiff-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37587	P	libspice-server1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37995	P	libz1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10814	P	libxslt-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10853	P	systemtap-sdt-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10514	P	libksba-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52419	P	Security update for libqt5-qtbase (Moderate)	2020-12-01
oval:org.opensuse.security:def:53888	P	Security update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:37355	P	xalan-j2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10811	P	libxcb-composite0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52846	P	Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:51489	P	Security update for python3 (Important)	2020-12-01
oval:org.opensuse.security:def:52219	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:52168	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:38142	P	bubblewrap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38894	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37319	P	radvd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37697	P	update-alternatives on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37356	P	xdg-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37688	P	sysvinit-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38054	P	rrdtool on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10827	P	ocaml on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10862	P	xfig on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10536	P	libraptor-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52493	P	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:53962	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10562	P	libwmf-0_2-7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52653	P	Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:54122	P	squashfs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52327	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:38166	P	dbus-1-glib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52453	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:38170	P	dovecot22 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37403	P	cracklib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37787	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37367	P	yast2-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37745	P	busybox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51322	P	Security update for jasper (Low)	2020-12-01
oval:org.opensuse.security:def:10875	P	aaa_base-malloccheck on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10582	P	pam-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10738	P	libgnutls-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52531	P	Security update for munge (Moderate)	2020-12-01
oval:org.opensuse.security:def:52727	P	Security update for the Linux Kernel (Live Patch 9 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:54196	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51111	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:38055	P	rsync on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38804	P	sudo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51323	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:52561	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:38214	P	gv on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10506	P	libidn-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37539	P	libjbig2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37947	P	libpulse-mainloop-glib0-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37451	P	grub2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37835	P	krb5-appl-clients on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10805	P	libunrar-devel on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:19824	V	Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors	2015-08-03
oval:org.mitre.oval:def:21078	P	RHSA-2013:0730: flash-plugin security update (Critical)	2015-03-09
oval:org.mitre.oval:def:25128	P	SUSE-SU-2013:0670-2 -- Security update for flash-player	2014-09-08
oval:org.mitre.oval:def:25949	P	SUSE-SU-2013:0670-1 -- Security update for flash-player	2014-09-08
oval:org.mitre.oval:def:23519	P	ELSA-2013:0730: flash-plugin security update (Critical)	2014-05-26
oval:com.redhat.rhsa:def:20130730	P	RHSA-2013:0730: flash-plugin security update (Critical)	2013-04-10
oval:com.ubuntu.precise:def:20132555000	V	CVE-2013-2555 on Ubuntu 12.04 LTS (precise) - medium.	2013-03-11

BACK