BlackBerry < Multiple Flash Player Code Execution Vulnerabilities

High Nessus Plugin ID 71992


The version of BlackBerry 10 OS is affected by multiple remote code execution vulnerabilities.


The mobile device uses a version of BlackBerry 10 OS that is prior to It is, therefore, affected by the following vulnerabilities in the version of Flash Player supplied with it :

- Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to cause a denial of service or to execute arbitrary code. (CVE-2013-1378, CVE-2013-1379, CVE-2013-1380)

- An integer overflow condition exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2013-2555)

Note that this plugin has relied solely on the version of the installed OS and has not attempted to verify whether Flash content is disabled in the device's browser.


Upgrade to BlackBerry version or later. Alternatively, refer to the vendor's advisory to disable Flash content.

See Also

Plugin Details

Severity: High

ID: 71992

File Name: blackberry_10_1_0_1880.nbin

Version: $Revision: 1.32 $

Type: local

Published: 2014/01/16

Modified: 2018/01/29

Dependencies: 60033

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:blackberry:blackberry_os, cpe:/a:adobe:flash_player

Required KB Items: mdm/dependency/unlocked

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/05/14

Vulnerability Publication Date: 2013/03/07

Reference Information

CVE: CVE-2013-1378, CVE-2013-1379, CVE-2013-1380, CVE-2013-2555

BID: 58396, 58947, 58949, 58951

OSVDB: 91203, 92141, 92142, 92143