CVE-2013-1369: Buffer Overflow
First published: Tue Feb 12 2013(Updated: )
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | >=10.3<10.3.183.63 | |
| Adobe Acrobat Reader | >=11.6<11.6.602.168 | |
| Microsoft Windows | ||
| Adobe Acrobat Reader | >=10.3<10.3.183.61 | |
| Adobe Acrobat Reader | >=11.2<11.2.202.270 | |
| Linux Kernel | ||
| Adobe Acrobat Reader | >=11.1<11.1.111.43 | |
| Android | >=2.0<=2.3.7 | |
| Android | >=3.0<=3.2.6 | |
| Adobe Acrobat Reader | >=11.1<11.1.115.47 | |
| Android | >=4.0<=4.4.4 | |
| Adobe AIR SDK | <3.6.0.597 | |
| Adobe AIR | <3.6.0.599 | |
| Adobe Acrobat Reader | >=11.6<11.6.602.167 | |
| Apple iOS and macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html
- http://rhn.redhat.com/errata/RHSA-2013-0254.html
- http://www.adobe.com/support/security/bulletins/apsb13-05.html
- http://www.us-cert.gov/cas/techalerts/TA13-043A.html
Frequently Asked Questions
What is the severity of CVE-2013-1369?
CVE-2013-1369 is classified as a critical vulnerability due to its potential impact on system integrity.
How do I fix CVE-2013-1369?
To fix CVE-2013-1369, update Adobe Flash Player to the latest version as specified in the security advisory.
What are the affected platforms for CVE-2013-1369?
CVE-2013-1369 affects Adobe Flash Player versions prior to 10.3.183.63 on Windows, 10.3.183.61 on Mac, and earlier versions on Linux and Android devices.
What types of attacks can exploit CVE-2013-1369?
CVE-2013-1369 can be exploited through specially crafted flash files that may lead to arbitrary code execution.
Is there a workaround for CVE-2013-1369?
While updating is the recommended approach, disabling Adobe Flash Player may serve as a temporary workaround for CVE-2013-1369.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/10.3
- version/adobe acrobat reader/11.6
- vendor/microsoft
- canonical/microsoft windows
- version/adobe acrobat reader/11.2
- vendor/linux
- canonical/linux kernel
- version/adobe acrobat reader/11.1
- vendor/google
- canonical/android
- version/android/2.0
- version/android/2.3.7
- version/android/3.0
- version/android/3.2.6
- version/android/4.0
- version/android/4.4.4
- canonical/adobe air sdk
- canonical/adobe air
- vendor/apple
- canonical/apple ios and macos