CVE-2013-3343: Buffer Overflow
First published: Wed Jun 12 2013(Updated: )
Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows, before 10.3.183.90 and 11.x before 11.7.700.225 on Mac OS X, before 10.3.183.90 and 11.x before 11.2.202.291 on Linux, before 11.1.111.59 on Android 2.x and 3.x, and before 11.1.115.63 on Android 4.x; Adobe AIR before 3.7.0.2090 on Windows and Android and before 3.7.0.2100 on Mac OS X; and Adobe AIR SDK & Compiler before 3.7.0.2090 on Windows and before 3.7.0.2100 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Macromedia Flash Player | >=10.0<10.3.183.90 | |
| Macromedia Flash Player | >=11.0<11.7.700.224 | |
| Microsoft Windows Operating System | ||
| Macromedia Flash Player | >=11.0<11.2.202.291 | |
| Linux Kernel | ||
| Macromedia Flash Player | >=11.0<11.1.111.59 | |
| Android | >=2.0<=2.3.7 | |
| Android | >=3.0<=3.2.6 | |
| Macromedia Flash Player | >=11.0<11.1.115.63 | |
| Android | >=4.0<=4.4.4 | |
| Adobe | <3.7.0.2090 | |
| Android | ||
| Macromedia Flash Player | >=11.0<11.7.700.225 | |
| Apple iOS and macOS | ||
| Adobe AIR | <3.7.0.2090 | |
| Adobe | <3.7.0.2100 | |
| Adobe AIR | <3.7.0.2100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00016.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00164.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00179.html
- http://rhn.redhat.com/errata/RHSA-2013-0941.html
- http://www.adobe.com/support/security/bulletins/apsb13-16.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17030
Frequently Asked Questions
What is the severity of CVE-2013-3343?
The severity of CVE-2013-3343 is considered critical as it allows an attacker to execute arbitrary code on affected systems.
How do I fix CVE-2013-3343?
To fix CVE-2013-3343, users should update Adobe Flash Player to versions 10.3.183.90 or later for Windows and Mac, or 11.2.202.291 or later for Linux.
Which versions of Adobe Flash Player are affected by CVE-2013-3343?
CVE-2013-3343 affects Adobe Flash Player versions before 10.3.183.90 on Windows and Mac, and versions before 11.2.202.291 on Linux.
Does CVE-2013-3343 affect Adobe AIR?
Yes, CVE-2013-3343 affects Adobe AIR versions prior to 3.7.0.2090.
What platforms are impacted by CVE-2013-3343?
CVE-2013-3343 impacts Adobe Flash Player on Windows, Mac OS X, Linux, and Android platforms.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/remedy
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/macromedia flash player
- version/macromedia flash player/10.0
- version/macromedia flash player/11.0
- vendor/microsoft
- canonical/microsoft windows operating system
- vendor/linux
- canonical/linux kernel
- vendor/google
- canonical/android
- version/android/2.0
- version/android/2.3.7
- version/android/3.0
- version/android/3.2.6
- version/android/4.0
- version/android/4.4.4
- canonical/adobe
- vendor/apple
- canonical/apple ios and macos
- canonical/adobe air