08 Jan 2013
11 Jan 2013
Adobe AIR 3.x
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
A vulnerability has been reported in Adobe Flash Player and Adobe AIR, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an integer overflow error within "flash.display.BitmapData()", which can be exploited to cause a heap-based buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following products and versions:
Update to a fixed version.
Adobe Flash Player for Windows and Macintosh:
Adobe Flash Player for Linux:
Adobe Flash Player for Android 4.x:
Adobe Flash Player for Android 3.x and prior:
Adobe AIR for Windows:
Adobe AIR for Macintosh:
Adobe AIR SDK (includes AIR for iOS):
The vendor credits Mateusz Jurczyk, Gynvael Coldwind, and Fermin Serna of the Google Security Team.