First published: Thu May 16 2013(Updated: )
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Macromedia Flash Player | <10.3.183.86 | |
Macromedia Flash Player | >=11.0<11.7.700.202 | |
Apple iOS and macOS | ||
Microsoft Windows Operating System | ||
Macromedia Flash Player | >=11.0<11.2.202.285 | |
Linux Kernel | ||
Macromedia Flash Player | <11.1.111.54 | |
Android | >=2.0<=2.3.7 | |
Android | >=3.0<=3.2.6 | |
Macromedia Flash Player | <11.1.115.58 | |
Android | >=4.0<=4.2 | |
Adobe | <3.7.0.1860 | |
Adobe AIR SDK | <3.7.0.1860 | |
Red Hat Enterprise Linux Desktop | =6.0 | |
Red Hat Enterprise Linux Server EUS | =5.9 | |
Red Hat Enterprise Linux Server EUS | =6.4 | |
Red Hat Enterprise Linux Server | =6.0 | |
Red Hat Enterprise Linux Server | =5.9 | |
Red Hat Enterprise Linux Server | =6.4 | |
Red Hat Enterprise Linux Workstation | =6.0 | |
openSUSE | =11.4 | |
openSUSE | =12.2 | |
openSUSE | =12.3 | |
SUSE Linux Enterprise Desktop | =10-sp4 | |
SUSE Linux Enterprise Desktop | =11-sp2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-2728 is rated as a critical vulnerability due to its potential for remote code execution.
To fix CVE-2013-2728, update Adobe Flash Player and Adobe AIR to the latest versions provided by Adobe.
CVE-2013-2728 affects Adobe Flash Player versions before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and macOS, as well as various versions on Linux and Android.
Yes, CVE-2013-2728 has been reported to be actively exploited in the wild.
Exploitation of CVE-2013-2728 can lead to unauthorized access and execution of arbitrary code on the affected systems.