920186 – (CVE-2013-2555) CVE-2013-2555 flash-plugin: Remote attackers able to execute arbitrary code via vectors that leverage an 'overflow' (CanSecWest 2013)

Bug 920186 (CVE-2013-2555) - CVE-2013-2555 flash-plugin: Remote attackers able to execute arbitrary code via vectors that leverage an 'overflow' (CanSecWest 2013)

Summary: CVE-2013-2555 flash-plugin: Remote attackers able to execute arbitrary code v...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2013-2555
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	950184 950185 950186 950187
Blocks:	920189
TreeView+	depends on / blocked

Reported:	2013-03-11 14:14 UTC by Jan Lieskovsky
Modified:	2021-02-17 07:56 UTC (History)
CC List:	5 users (show)
Fixed In Version:	flash-plugin 11.2.202.280
Clone Of:
Environment:
Last Closed:	2013-04-10 09:49:21 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:0730	0	normal	SHIPPED_LIVE	Critical: flash-plugin security update	2013-04-10 13:08:33 UTC

Description Jan Lieskovsky 2013-03-11 14:14:40 UTC

Common Vulnerabilities and Exposures assigned an identifier CVE-2013-2555 to the following vulnerability:

Adobe Flash Player 11.6.602.171 on Windows allows remote attackers to execute arbitrary code via vectors that leverage an "overflow," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2555
[2] http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
[3] http://twitter.com/VUPEN/statuses/309713355466227713
[4] http://twitter.com/thezdi/statuses/309756927301283840

Comment 1 Huzaifa S. Sidhpurwala 2013-03-18 05:08:50 UTC

Statement:

This issue affects the version of flash-plugin as shipped with Red Hat Enterprise Linux 5 and 6. Updates will be released as soon as they are made generally available by Adobe.

Comment 3 errata-xmlrpc 2013-04-10 09:10:01 UTC

This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2013:0730 https://rhn.redhat.com/errata/RHSA-2013-0730.html

Note You need to log in before you can comment on or make changes to this bug.