CVE-2013-0639
Description
Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player integer overflow allows remote code execution; affects versions before 10.3.183.63 and 11.x before 11.6.602.168.
Vulnerability
CVE-2013-0639 is an integer overflow vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x. It also affects Adobe AIR before 3.6.0.597 and Adobe AIR SDK before 3.6.0.599. The vulnerability exists due to an integer overflow in unspecified code paths, which can be triggered by specially crafted Flash content [1][2].
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a malicious Flash file or visit a website hosting crafted Flash content. No authentication is required, as the attack is remotely exploitable. The exploitation vector is unspecified but likely involves a SWF file that triggers the integer overflow [2].
Impact
Successful exploitation allows an attacker to execute arbitrary code on the affected system. This can lead to full compromise of the victim's machine, including data theft, installation of malware, or further network propagation. The impact is rated as critical due to the potential for remote code execution [1][2].
Mitigation
Adobe has released updates to fix this vulnerability: Flash Player 10.3.183.63 and 11.6.602.168 (Windows), 10.3.183.61 and 11.6.602.167 (Mac OS X), 10.3.183.61 and 11.2.202.270 (Linux); AIR 3.6.0.597 and AIR SDK 3.6.0.599. Users should update to these versions immediately. Red Hat provided updates for Linux via RHSA-2013-0254 [1]. US-CERT also released an advisory urging patching [2]. No workarounds have been documented.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* range: <3.6.0.597
- (no CPE) range: <3.6.0.597
- Range: <10.3.183.63, >=11.0.0.0 & <11.6.602.168
References
- lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html (NVD: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html (NVD: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html (NVD: Mailing List, Third Party Advisory)
- rhn.redhat.com/errata/RHSA-2013-0254.html (NVD: Third Party Advisory)
- www.adobe.com/support/security/bulletins/apsb13-05.html (NVD: Vendor Advisory)
- www.us-cert.gov/cas/techalerts/TA13-043A.html (NVD: Third Party Advisory, US Government Resource)