Unrated severityNVD Advisory· Published Mar 11, 2013· Updated Apr 29, 2026

CVE-2013-2555

Description

Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.

Affected products

Adobe Inc./Flash Player
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Range: <=11.1.115.48
Adobe Inc./Air
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
Range: <=3.6.0.6090
OpenSUSE/openSUSE4 versions
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus2 versions
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Aus2 versions
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-updates/2013-04/msg00081.htmlnvdMailing ListThird Party Advisory
marc.infonvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-0730.htmlnvdThird Party Advisory
twitter.com/thezdi/statuses/309756927301283840nvdThird Party Advisory
www.adobe.com/support/security/bulletins/apsb13-11.htmlnvdVendor Advisory
archives.neohapsis.com/archives/bugtraq/2013-04/0197.htmlnvdBroken Link
h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157nvdPermissions Required
twitter.com/VUPEN/statuses/309713355466227713nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000