CVE-2013-0644: Use After Free
First published: Tue Feb 12 2013(Updated: )
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0649 and CVE-2013-1374.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Macromedia Flash Player | >=10.3<10.3.183.63 | |
| Macromedia Flash Player | >=11.6<11.6.602.168 | |
| Microsoft Windows Operating System | ||
| Macromedia Flash Player | >=10.3<10.3.183.61 | |
| Macromedia Flash Player | >=11.2<11.2.202.270 | |
| Linux Kernel | ||
| Macromedia Flash Player | >=11.1<11.1.111.43 | |
| Android | >=2.0<=2.3.7 | |
| Android | >=3.0<=3.2.6 | |
| Macromedia Flash Player | >=11.1<11.1.115.47 | |
| Android | >=4.0<=4.4.4 | |
| Adobe | <3.6.0.597 | |
| Adobe AIR | <3.6.0.599 | |
| Macromedia Flash Player | >=11.6<11.6.602.167 | |
| Apple iOS and macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html
- http://rhn.redhat.com/errata/RHSA-2013-0254.html
- http://www.adobe.com/support/security/bulletins/apsb13-05.html
- http://www.us-cert.gov/cas/techalerts/TA13-043A.html
Frequently Asked Questions
What is the severity of CVE-2013-0644?
CVE-2013-0644 is classified as a critical vulnerability due to the potential for remote code execution.
How do I fix CVE-2013-0644?
To mitigate CVE-2013-0644, update Adobe Flash Player to version 10.3.183.63 or later for Windows, 11.x versions as specified for other platforms.
Which software is affected by CVE-2013-0644?
CVE-2013-0644 affects Adobe Flash Player versions prior to 10.3.183.63 on Windows and various 11.x versions across multiple operating systems.
Can CVE-2013-0644 be exploited remotely?
Yes, CVE-2013-0644 can potentially be exploited remotely, allowing attackers to execute arbitrary code on vulnerable systems.
Is this vulnerability present in Adobe AIR?
Yes, CVE-2013-0644 also impacts certain versions of Adobe AIR prior to 3.6.0.597.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/author
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/macromedia flash player
- version/macromedia flash player/10.3
- version/macromedia flash player/11.6
- vendor/microsoft
- canonical/microsoft windows operating system
- version/macromedia flash player/11.2
- vendor/linux
- canonical/linux kernel
- version/macromedia flash player/11.1
- vendor/google
- canonical/android
- version/android/2.0
- version/android/2.3.7
- version/android/3.0
- version/android/3.2.6
- version/android/4.0
- version/android/4.4.4
- canonical/adobe
- canonical/adobe air
- vendor/apple
- canonical/apple ios and macos