BID:58438

Adobe Flash Player and AIR CVE-2013-1371 Memory Corruption Vulnerability

Info

Adobe Flash Player and AIR CVE-2013-1371 Memory Corruption Vulnerability

Bugtraq ID:	58438
Class:	Unknown
CVE:	CVE-2013-1371
Remote:	Yes
Local:	No
Published:	Mar 12 2013 12:00AM
Updated:	Mar 19 2015 08:24AM
Credit:	Mateusz Jurczyk, Gynvael Coldwind, and Fermin Serna of the Google Security Team
Vulnerable:	SuSE Suse Linux Enterprise Desktop 11 SP2 + Linux kernel 2.6.5 SuSE Suse Linux Enterprise Desktop 10 SP4 + Linux kernel 2.6.5 S.u.S.E. openSUSE 12.3 S.u.S.E. openSUSE 12.2 S.u.S.E. openSUSE 12.1 S.u.S.E. openSUSE 11.4 Rim PlayBook Tablet Software 2.1 1526 Rim 10 OS 10.1 Redhat Enterprise Linux Workstation Supplementary 6 Redhat Enterprise Linux Supplementary 5 server Redhat Enterprise Linux Server Supplementary 6 Redhat Enterprise Linux Desktop Supplementary 6 Redhat Enterprise Linux Desktop Supplementary 5 client Microsoft Windows Server 2012 0 Microsoft Windows RT 0 Microsoft Windows 8 for 64-bit Systems 0 Microsoft Windows 8 for 32-bit Systems 0 Microsoft Internet Explorer 10 + Microsoft Windows 7 for 32-bit Systems SP1 + Microsoft Windows 7 for 32-bit Systems SP1 + Microsoft Windows 7 for x64-based Systems SP1 + Microsoft Windows 7 for x64-based Systems SP1 + Microsoft Windows 8 for 32-bit Systems 0 + Microsoft Windows 8 for 32-bit Systems 0 + Microsoft Windows 8 for x64-based Systems 0 + Microsoft Windows 8 for x64-based Systems 0 + Microsoft Windows RT 0 + Microsoft Windows RT 0 + Microsoft Windows Server 2008 R2 for x64-based Systems SP1 + Microsoft Windows Server 2008 R2 for x64-based Systems SP1 + Microsoft Windows Server 2012 0 + Microsoft Windows Server 2012 0 + Microsoft Windows Server 2012 0 HP Systems Insight Manager 7.1.1 HP Systems Insight Manager 7.0 HP Systems Insight Manager 6.3 HP Systems Insight Manager 6.2 HP Systems Insight Manager 6.1 HP Systems Insight Manager 6.0.0.96 HP Systems Insight Manager 6.0 Google Chrome 25.0.1364 160 Google Chrome 25.0.1364.99 Google Chrome 25.0.1364.97 Google Chrome 25.0.1364.152 Google Chrome 25 Google Chrome 24.0.1312.70 Google Chrome 24.0.1312.57 Google Chrome 24.0.1312.56 Google Chrome 24.0.1312.52 Google Chrome 23.0.1271.97 Google Chrome 23.0.1271.95 Google Chrome 23.0.1271.91 Google Chrome 23.0.1271.64 Google Chrome 22.0.1229.94 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.79 Google Chrome 22 Google Chrome 21.0.1180.89 Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.82 Google Chrome 21.0.1180.81 Google Chrome 21.0.1180.79 Google Chrome 21.0.1180.75 Google Chrome 21.0.1180.60 Google Chrome 21.0.1180.50 Google Chrome 21.0.1180.49 Google Chrome 21 Google Chrome 20.0.1132.57 Google Chrome 20.0.1132.43 Google Chrome 20.0.1132.23 Google Chrome 20 Adobe Flash Player For Linux 11.2.202 297 Adobe Flash Player For Linux 11.2.202.273 Adobe Flash Player For Linux 11.2.202.270 Adobe Flash Player For Linux 11.2.202.262 Adobe Flash Player For Linux 11.2.202.261 Adobe Flash Player For Linux 11.2.202.258 Adobe Flash Player For Linux 11.2.202.251 Adobe Flash Player For Linux 11.2.202.243 Adobe Flash Player For Linux 11.2.202.238 Adobe Flash Player for Android 11.1.115.47 Adobe Flash Player for Android 11.1.115.37 Adobe Flash Player for Android 11.1.115.36 Adobe Flash Player for Android 11.1.115.34 Adobe Flash Player for Android 11.1.115.27 Adobe Flash Player for Android 11.1.115.20 Adobe Flash Player for Android 11.1.115.17 Adobe Flash Player for Android 11.1.115.11 Adobe Flash Player for Android 11.1.111.43 Adobe Flash Player for Android 11.1.111.32 Adobe Flash Player for Android 11.1.111.31 Adobe Flash Player for Android 11.1.111.29 Adobe Flash Player for Android 11.1.111.24 Adobe Flash Player for Android 11.1.111.19 Adobe Flash Player for Android 11.1.111.16 Adobe Flash Player for Android 11.1.111.10 Adobe Flash Player 11.6.602 105 Adobe Flash Player 11.6.602.171 Adobe Flash Player 11.6.602.168 Adobe Flash Player 11.6.602.167 Adobe AIR 3.6.0.599 Adobe AIR 3.6.0.597

Not Vulnerable:	Rim PlayBook Tablet Software 2.1.0.1753 Rim 10 OS 10.1.0.1720 HP Systems Insight Manager 7.3 Google Chrome 25.0.1364.172 BlackBerry 7 OS 0 Adobe Flash Player for Mac 11.6.602.180 Adobe Flash Player For Linux 11.2.202.310 Adobe Flash Player For Linux 11.2.202.275 Adobe Flash Player for Android 11.1.115.48 Adobe Flash Player for Android 11.1.111.44 Adobe Flash Player 11.6.602.180 Adobe AIR 3.6.0.6090

Discussion

Adobe Flash Player and AIR CVE-2013-1371 Memory Corruption Vulnerability

Adobe Flash Player and AIR are prone to a remote memory-corruption vulnerability.

Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed attempts will likely cause a denial-of-service condition.

Exploit / POC

Adobe Flash Player and AIR CVE-2013-1371 Memory Corruption Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Adobe Flash Player and AIR CVE-2013-1371 Memory Corruption Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Adobe Flash Player and AIR CVE-2013-1371 Memory Corruption Vulnerability

References:

Adobe AIR homepage (Adobe)
Adobe Flash Homepage (Adobe)
BSRT-2013-007 Vulnerabilities in Adobe Flash Player version included with the Bl (BlackBerry)
Stable Channel Update 25.0.1364.172 (Google)
Adobe Flash Player: Multiple vulnerabilities (Gentoo)
APSB13-09: Security updates available for Adobe Flash Player (Adobe)
HP Systems Insight Manager (SIM) Running on Linux and Windows, Remote Execution (HP)
Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash (Microsoft)