Adobe Flash Player contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.
This update corrects three vulnerabilities. One resolved vulnerability is due to a buffer overflow vulnerability in the affected software, which could lead to arbitrary code execution or cause the affected software to terminate abruptly. In addition, one memory corruption vulnerability and one integer overflow vulnerability that exists when resampling a user-supplied PCM buffer, leading to arbitrary code execution on the system have been mitigated.
The following products are vulnerable:
- Adobe Flash Player for Windows versions 11.7.700.224 and prior
- Adobe Flash Player for Macintosh versions 11.7.700.225 and prior
- Adobe Flash Player for Linux versions 220.127.116.111 and prior
- Adobe Flash Player for Google Chrome version 11.7.700.225
- Adobe Flash Player for Android versions 18.104.22.168 and prior
An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code or cause a DoS condition on the system. To exploit these vulnerabilities, the attacker may provide a file to the user and persuade the user to open or execute the file by using misleading language or instructions.
Administrators are advised to apply the appropriate updates.
Adobe has confirmed these vulnerabilities in a security bulletin at the following link: APSB13-17
Adobe has released updated software at the following links:
FreeBSD has released a VuXML document at the following link: linux-flashplugin -- multiple vulnerabilities. FreeBSD releases ports collection updates at the following link: Ports Collection Index.
Adobe Flash Player 11.8.800.94 for Windows and Macintosh
Adobe Flash Player 22.214.171.1247 for Linux
Adobe Flash Player for Android 126.96.36.199 (via device software update)
Microsoft has released a security advisory at the following link: Microsoft Security Advisory (2755801)
. Microsoft has released software updates at the following link: KB2857645
Red Hat has released official CVE statements and a security advisory for bug 982749 at the following links: RHSA-2013-1035
Red Hat has released updated software for registered subscribers at the following link: Red Hat Network
. Red Hat packages can be updated on Red Hat Enterprise Linux versions 5 and later using the yum