[SingCERT] Adobe Flash Player Update

Published on Wednesday, 04 September 2013 14:12

[ Summary ]

Adobe has released security updates for Adobe Flash Player to address several vulnerabilities that could cause arbitrary code to be executed on the affected system.

A remote user can create specially crafted Flash content that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the affected system. The code will run with the privileges of the affected user.

A heap buffer overflow may occur [CVE-2013-3344].

A memory corruption error may allow code execution [CVE-2013-3345].

An integer overflow when resampling a user-supplied PCM buffer may occur [CVE-2013-3347].


[ Affected Software ] 

  • Adobe Flash Player 11.7.700.224 and earlier versions for Windows
  • Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh
  • Adobe Flash Player 11.2.202.291 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.63 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x
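
Added example (not part of the SingCERT advisory): a Python check that triages a software inventory against the version thresholds listed above. The CSV layout, host names and sample rows are constructed for illustration; hosts whose platform or version string is not covered by the list are reported separately as unknown.

```python
import csv
import io

AFFECTED_MAX = {  # highest affected version per platform, copied from the list above
    "windows": (11, 7, 700, 224),
    "macintosh": (11, 7, 700, 225),
    "linux": (11, 2, 202, 291),
    "android4": (11, 1, 115, 63),
    "android3": (11, 1, 111, 59), "android2": (11, 1, 111, 59),
}

def parse_version(text):
    """Turn '11.7.700.224' into a 4-tuple of ints; raise ValueError if malformed."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected 4 version fields, got {text!r}")
    return parts

def platform_key(os_name, os_version):
    """Map OS name plus OS version to an AFFECTED_MAX key (Android splits by major)."""
    name = os_name.strip().lower()
    return "android" + os_version.strip().split(".")[0] if name == "android" else name

def is_affected(os_name, os_version, flash_version):
    """True/False per the advisory; None when platform or version is not recognised."""
    limit = AFFECTED_MAX.get(platform_key(os_name, os_version))
    try:
        return None if limit is None else parse_version(flash_version) <= limit
    except ValueError:
        return None

def triage(inventory_csv):
    """Return (affected_hosts, unknown_hosts) for rows host,os,os_version,flash."""
    affected, unknown = [], []
    for row in csv.reader(io.StringIO(inventory_csv)):
        if len(row) != 4:
            continue  # skip blank or short rows
        verdict = is_affected(*row[1:])
        if verdict is None:
            unknown.append(row[0])
        elif verdict:
            affected.append(row[0])
    return affected, unknown

# Constructed inventory rows: host, OS, OS version, Flash Player version.
SAMPLE = ("ws-01,Windows,7,11.7.700.224\nws-02,Windows,7,12.0.0.1\n"
          "mac-01,Macintosh,10.8,11.7.700.225\nlnx-01,Linux,3.2,11.2.202.300\n"
          "tab-01,Android,4.2,11.1.115.63\nph-01,Android,2.3,11.1.111.60\n"
          "ph-02,Android,2.3,11.1.111\nkiosk-01,Solaris,11,11.2.202.223\n")
if __name__ == "__main__": print(triage(SAMPLE))
```

Hosts in the unknown list need manual review rather than being treated as unaffected.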


[ Impact Analysis ]

A remote user can create content that, when loaded by the affected user, will execute arbitrary code on the affected system.


[ Workaround/Solution ]

Updates are available. Users are advised to update their Flash Player to avoid being exploited.

Google Chrome users can update their Flash Player by updating Google Chrome to the latest version.


[ Reference ]

http://www.adobe.com/support/security/bulletins/apsb13-17.html