CVE-2013-5324: Buffer Overflow
First published: Wed Sep 11 2013(Updated: )
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3362, and CVE-2013-3363.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Macromedia Flash Player | >=11.0<11.7.700.242 | |
| Macromedia Flash Player | >=11.8<11.8.800.168 | |
| Apple iOS and macOS | ||
| Microsoft Windows Operating System | ||
| Macromedia Flash Player | >=11.0<11.2.202.310 | |
| Linux Kernel | ||
| Macromedia Flash Player | >=11.0<11.1.111.73 | |
| Android | >=2.0<=2.3.7 | |
| Android | >=3.0<=3.2.6 | |
| Macromedia Flash Player | >=11.0<11.1.115.81 | |
| Android | >=4.0<=4.4.4 | |
| Adobe | <3.8.0.1430 | |
| Adobe AIR | <3.8.0.1430 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00040.html
- http://rhn.redhat.com/errata/RHSA-2013-1256.html
- http://www.adobe.com/support/security/bulletins/apsb13-21.html
Frequently Asked Questions
What is the severity of CVE-2013-5324?
CVE-2013-5324 has been rated as a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2013-5324?
To fix CVE-2013-5324, users should upgrade to Adobe Flash Player version 11.7.700.242 or later.
Which versions of Adobe Flash Player are affected by CVE-2013-5324?
Adobe Flash Player versions prior to 11.7.700.242 on Windows and Mac OS X, and earlier than version 11.2.202.310 on Linux are affected by CVE-2013-5324.
Are mobile platforms affected by CVE-2013-5324?
Yes, versions of Adobe Flash Player prior to 11.1.111.73 on Android 2.x and 3.x, and earlier than 11.1.115.81 on Android 4.x are vulnerable.
Is Adobe AIR impacted by CVE-2013-5324?
Yes, Adobe AIR versions before 3.8.0.1430 are also impacted by CVE-2013-5324.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/remedy
- agent/severity
- agent/author
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/macromedia flash player
- version/macromedia flash player/11.0
- version/macromedia flash player/11.8
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows operating system
- vendor/linux
- canonical/linux kernel
- vendor/google
- canonical/android
- version/android/2.0
- version/android/2.3.7
- version/android/3.0
- version/android/3.2.6
- version/android/4.0
- version/android/4.4.4
- canonical/adobe
- canonical/adobe air