You are here

V-090: Adobe Flash Player / AIR Multiple Vulnerabilities

February 13, 2013 - 12:14am

Addthis

PROBLEM:

Adobe Flash Player / AIR Multiple Vulnerabilities

PLATFORM:

Adobe Flash Player versions 11.5.502.149 and prior for Windows and Macintosh
Adobe Flash Player versions 11.2.202.262 and prior for Linux
Adobe Flash Player versions 11.1.115.37 and prior for Android 4.x
Adobe Flash Player versions 11.1.111.32 and prior for Android 3.x and 2.x
Adobe AIR versions 3.5.0.1060 and prior
Adobe AIR versions 3.5.0.1060 SDK and prior

ABSTRACT:

Multiple vulnerabilities have been reported in Adobe Flash Player and AIR.

REFERENCE LINKS:

Vulnerability identifier: APSB13-05
Secunia Advisory SA52166
CVE-2013-0637
CVE-2013-0638
CVE-2013-0639
CVE-2013-0642
CVE-2013-0644
CVE-2013-0645
CVE-2013-0647
CVE-2013-0649
CVE-2013-1365
CVE-2013-1366
CVE-2013-1367
CVE-2013-1368
CVE-2013-1369
CVE-2013-1370
CVE-2013-1372
CVE-2013-1373
CVE-2013-1374

IMPACT ASSESSMENT:

Hgh

DISCUSSION:

1) Some unspecified errors can be exploited to cause buffer overflows.

2) Some use-after-free errors can be exploited to dereference already freed memory.

3) An integer overflow error can be exploited to execute arbitrary code.

4) An unspecified error can be exploited to corrupt memory.

5) An unspecified error can be exploited to corrupt memory.

6) An unspecified error can be exploited to disclose certain sensitive information.

Successful exploitation of vulnerabilities #1 through #5 may allow execution of arbitrary code.

IMPACT:

Adobe Flash Player and AIR can be exploited by malicious people to disclose certain sensitive information and compromise a user's system.

SOLUTION:

Update to a fixed version.

Addthis