CVE-2013-3362: Buffer Overflow
First published: Thu Sep 12 2013(Updated: )
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3363, and CVE-2013-5324.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | >=11.0<11.7.700.242 | |
| Adobe Acrobat Reader | >=11.8<11.8.800.168 | |
| Apple iOS and macOS | ||
| Microsoft Windows | ||
| Adobe Acrobat Reader | >=11.0<11.2.202.310 | |
| Linux Kernel | ||
| Adobe Acrobat Reader | >=11.0<11.1.111.73 | |
| Android | >=2.0<=2.3.7 | |
| Android | >=3.0<=3.2.6 | |
| Adobe Acrobat Reader | >=11.0<11.1.115.81 | |
| Android | >=4.0<=4.4.4 | |
| Adobe AIR SDK | <3.8.0.1430 | |
| Adobe AIR | <3.8.0.1430 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00040.html
- http://rhn.redhat.com/errata/RHSA-2013-1256.html
- http://www.adobe.com/support/security/bulletins/apsb13-21.html
Frequently Asked Questions
What is the severity of CVE-2013-3362?
CVE-2013-3362 has a critical severity level, potentially allowing attackers to execute arbitrary code.
How do I fix CVE-2013-3362?
To fix CVE-2013-3362, users should update Adobe Flash Player and Adobe AIR to the latest versions.
Which versions of Adobe Flash Player are affected by CVE-2013-3362?
Adobe Flash Player versions prior to 11.7.700.242 for Windows and Mac OS X, and prior to 11.2.202.310 for Linux, are affected.
Is Adobe AIR affected by CVE-2013-3362?
Yes, all versions of Adobe AIR prior to 3.8.0.1430 are affected by CVE-2013-3362.
What platforms are impacted by CVE-2013-3362?
CVE-2013-3362 affects Adobe Flash Player on Windows, Mac OS X, Linux, and various Android versions.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/remedy
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/11.0
- version/adobe acrobat reader/11.8
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows
- vendor/linux
- canonical/linux kernel
- vendor/google
- canonical/android
- version/android/2.0
- version/android/2.3.7
- version/android/3.0
- version/android/3.2.6
- version/android/4.0
- version/android/4.4.4
- canonical/adobe air sdk
- canonical/adobe air