Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
oryginał ENAV:N/AC:L/Au:N/C:C/I:C/A:CAdobe Air
APPAdobe≤ 3.6.0.6090Adobe Flash Player
APPAdobe≤ 11.1.111.44≤ 11.1.115.4811.0 – 11.6.602.18011.0 – 11.2.202.275< 10.3.183.75≤ 10.3.183.75Apple macOS
OSApplewszystkie wersjeGoogle Android
OSGoogle4.0 – 4.4.42.0 – 3.2.6Linux Kernel
OSLinuxwszystkie wersjeMicrosoft Windows
OSMicrosoftwszystkie wersjeOpensuse
OSOpensuse11.412.112.212.3Red Hat Enterprise Linux Desktop
OSRedhat6.0Red Hat Enterprise Linux Eus
OSRedhat5.96.4Red Hat Enterprise Linux Server
OSRedhat6.0Red Hat Enterprise Linux Server Aus
OSRedhat5.96.4Red Hat Enterprise Linux Workstation
OSRedhat6.0SUSE Linux Enterprise Desktop
OSSuse11
Powiązane podatności
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP