CVE-2013-1367: Buffer Overflow
First published: Tue Feb 12 2013(Updated: )
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Macromedia Flash Player | >=10.3<10.3.183.63 | |
| Macromedia Flash Player | >=11.6<11.6.602.168 | |
| Microsoft Windows Operating System | ||
| Macromedia Flash Player | >=10.3<10.3.183.61 | |
| Macromedia Flash Player | >=11.2<11.2.202.270 | |
| Linux Kernel | ||
| Macromedia Flash Player | >=11.1<11.1.111.43 | |
| Android | >=2.0<=2.3.7 | |
| Android | >=3.0<=3.2.6 | |
| Macromedia Flash Player | >=11.1<11.1.115.47 | |
| Android | >=4.0<=4.4.4 | |
| Adobe | <3.6.0.597 | |
| Adobe AIR | <3.6.0.599 | |
| Macromedia Flash Player | >=11.6<11.6.602.167 | |
| Apple iOS and macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html
- http://rhn.redhat.com/errata/RHSA-2013-0254.html
- http://www.adobe.com/support/security/bulletins/apsb13-05.html
- http://www.us-cert.gov/cas/techalerts/TA13-043A.html
Frequently Asked Questions
What is the severity of CVE-2013-1367?
CVE-2013-1367 has a critical severity rating due to its potential to allow arbitrary code execution.
How do I fix CVE-2013-1367?
To fix CVE-2013-1367, update Adobe Flash Player to the latest version available for your operating system.
Which versions of Adobe Flash Player are affected by CVE-2013-1367?
CVE-2013-1367 affects Adobe Flash Player versions prior to 10.3.183.63 and 11.x prior to 11.6.602.168 on Windows, and equivalent versions on Mac OS X and Linux.
Is CVE-2013-1367 exploitable in Adobe AIR or AIR SDK?
Yes, CVE-2013-1367 can also affect Adobe AIR versions up to 3.6.0.597 and Adobe AIR SDK versions up to 3.6.0.599.
What platforms are affected by CVE-2013-1367?
CVE-2013-1367 affects Windows, Mac OS X, Linux, and Android platforms where vulnerable versions of Adobe Flash Player are installed.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/macromedia flash player
- version/macromedia flash player/10.3
- version/macromedia flash player/11.6
- vendor/microsoft
- canonical/microsoft windows operating system
- version/macromedia flash player/11.2
- vendor/linux
- canonical/linux kernel
- version/macromedia flash player/11.1
- vendor/google
- canonical/android
- version/android/2.0
- version/android/2.3.7
- version/android/3.0
- version/android/3.2.6
- version/android/4.0
- version/android/4.4.4
- canonical/adobe
- canonical/adobe air
- vendor/apple
- canonical/apple ios and macos