You are here

V-110: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code

March 13, 2013 - 12:04am

Addthis

PROBLEM:

Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code

PLATFORM:

Version(s): 1.6.602.171 and prior for Windows/Mac; other versions on other platforms

ABSTRACT:

Several vulnerabilities were reported in Adobe Flash Player.

REFERENCE LINKS:

Adobe Vulnerability identifier: APSB13-09
SecurityTracker Alert ID:  1028277
CVE-2013-0646
CVE-2013-0650
CVE-2013-1371
CVE-2013-1375

IMPACT ASSESSMENT:

High

DISCUSSION:

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

An integer overflow may occur [CVE-2013-0646].

A use-after-free may occur [CVE-2013-0650].

A memory corruption error may occur [CVE-2013-1371].

A heap buffer overflow may occur [CVE-2013-1375].

IMPACT:

A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

SOLUTION:

Adobe recommends users update their product installations to the latest versions

Addthis