You are here

V-176: Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code

June 12, 2013 - 12:15am

Addthis

PROBLEM:

Adobe Flash Player Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code

PLATFORM:

Adobe Flash Player 11.7.700.202 and earlier versions for Windows
Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh
Adobe Flash Player 11.2.202.285  and earlier versions for Linux
Adobe Flash Player 11.1.115.58 and earlier versions for Android 4.x
Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x
Adobe AIR 3.7.0.1860 and earlier versions for Windows and Macintosh
Adobe AIR 3.7.0.1860 and earlier versions for Android
Adobe AIR 3.7.0.1860 SDK & Compiler and earlier versions

ABSTRACT:

A vulnerability was reported in Adobe Flash Player.

REFERENCE LINKS:

Adobe Vulnerability identifier: APSB13-16
SecurityTracker Alert ID:  1028652
CVE-2013-3343

IMPACT ASSESSMENT:

Medium

DISCUSSION:

A remote user can create specially crafted Flash content that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user.

IMPACT:

A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

SOLUTION:

Adobe recommends users update their product installations to the latest versions

Addthis