CVE-2013-3361: Buffer Overflow
First published: Thu Sep 12 2013(Updated: )
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3362, CVE-2013-3363, and CVE-2013-5324.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | >=11.0<11.7.700.242 | |
| Adobe Acrobat Reader | >=11.8<11.8.800.168 | |
| Apple iOS and macOS | ||
| Microsoft Windows | ||
| Adobe Acrobat Reader | >=11.0<11.2.202.310 | |
| Linux Kernel | ||
| Adobe Acrobat Reader | >=11.0<11.1.111.73 | |
| Android | >=2.0<=2.3.7 | |
| Android | >=3.0<=3.2.6 | |
| Adobe Acrobat Reader | >=11.0<11.1.115.81 | |
| Android | >=4.0<=4.4.4 | |
| Adobe AIR SDK | <3.8.0.1430 | |
| Adobe AIR | <3.8.0.1430 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00040.html
- http://rhn.redhat.com/errata/RHSA-2013-1256.html
- http://www.adobe.com/support/security/bulletins/apsb13-21.html
Frequently Asked Questions
What is the severity of CVE-2013-3361?
CVE-2013-3361 is classified as a critical vulnerability that could allow attackers to execute arbitrary code.
How do I fix CVE-2013-3361?
To fix CVE-2013-3361, update Adobe Flash Player to version 11.7.700.242 or later.
Which versions of Adobe Flash Player are affected by CVE-2013-3361?
CVE-2013-3361 affects Adobe Flash Player versions prior to 11.7.700.242 and 11.8.x before 11.8.800.168.
Is Adobe AIR also affected by CVE-2013-3361?
Yes, CVE-2013-3361 impacts Adobe AIR versions prior to 3.8.0.1430.
What operating systems are vulnerable to CVE-2013-3361?
CVE-2013-3361 affects Windows, Mac OS X, Linux, and Android versions that use vulnerable Adobe Flash Player versions.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/weakness
- agent/remedy
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/11.0
- version/adobe acrobat reader/11.8
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows
- vendor/linux
- canonical/linux kernel
- vendor/google
- canonical/android
- version/android/2.0
- version/android/2.3.7
- version/android/3.0
- version/android/3.2.6
- version/android/4.0
- version/android/4.4.4
- canonical/adobe air sdk
- canonical/adobe air