PROBLEM:
Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code
PLATFORM:
Version(s): 1.6.602.171 and prior for Windows/Mac; other versions on other platforms
ABSTRACT:
Several vulnerabilities were reported in Adobe Flash Player.
REFERENCE LINKS:
Adobe Vulnerability identifier: APSB13-09
SecurityTracker Alert ID: 1028277
CVE-2013-0646
CVE-2013-0650
CVE-2013-1371
CVE-2013-1375
IMPACT ASSESSMENT:
High
DISCUSSION:
A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
An integer overflow may occur [CVE-2013-0646].
A use-after-free may occur [CVE-2013-0650].
A memory corruption error may occur [CVE-2013-1371].
A heap buffer overflow may occur [CVE-2013-1375].
IMPACT:
A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
SOLUTION:
Adobe recommends users update their product installations to the latest versions