CVE-2013-1374: Use After Free
First published: Tue Feb 12 2013(Updated: )
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-0649.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | >=10.3<10.3.183.63 | |
| Adobe Acrobat Reader | >=11.6<11.6.602.168 | |
| Microsoft Windows | ||
| Adobe Acrobat Reader | >=10.3<10.3.183.61 | |
| Adobe Acrobat Reader | >=11.2<11.2.202.270 | |
| Linux Kernel | ||
| Adobe Acrobat Reader | >=11.1<11.1.111.43 | |
| Android | >=2.0<=2.3.7 | |
| Android | >=3.0<=3.2.6 | |
| Adobe Acrobat Reader | >=11.1<11.1.115.47 | |
| Android | >=4.0<=4.4.4 | |
| Adobe AIR SDK | <3.6.0.597 | |
| Adobe AIR | <3.6.0.599 | |
| Adobe Acrobat Reader | >=11.6<11.6.602.167 | |
| Apple iOS and macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html
- http://rhn.redhat.com/errata/RHSA-2013-0254.html
- http://www.adobe.com/support/security/bulletins/apsb13-05.html
- http://www.us-cert.gov/cas/techalerts/TA13-043A.html
Frequently Asked Questions
What is the severity of CVE-2013-1374?
CVE-2013-1374 is classified as a critical vulnerability in Adobe Flash Player, as it enables potential remote code execution.
How do I fix CVE-2013-1374?
To fix CVE-2013-1374, users should update Adobe Flash Player to the latest version released by Adobe.
Which versions of Adobe Flash Player are affected by CVE-2013-1374?
CVE-2013-1374 affects Adobe Flash Player versions before 10.3.183.63, 11.x before 11.6.602.168 on Windows, Mac OS X, Linux, and certain Android versions.
What types of attacks can exploit CVE-2013-1374?
CVE-2013-1374 can be exploited through crafted Flash content, potentially leading to unauthorized access or execution of malicious code.
Is there a workaround for CVE-2013-1374 while waiting for a patch?
There is no reliable workaround for CVE-2013-1374, and users are strongly advised to upgrade to a patched version of Adobe Flash Player.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/10.3
- version/adobe acrobat reader/11.6
- vendor/microsoft
- canonical/microsoft windows
- version/adobe acrobat reader/11.2
- vendor/linux
- canonical/linux kernel
- version/adobe acrobat reader/11.1
- vendor/google
- canonical/android
- version/android/2.0
- version/android/2.3.7
- version/android/3.0
- version/android/3.2.6
- version/android/4.0
- version/android/4.4.4
- canonical/adobe air sdk
- canonical/adobe air
- vendor/apple
- canonical/apple ios and macos