CVE-2013-1374
Description
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-0649.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free vulnerability in Adobe Flash Player and AIR allows remote code execution via crafted SWF files.
Vulnerability
A use-after-free vulnerability exists in Adobe Flash Player versions before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x. Adobe AIR before 3.6.0.597 and AIR SDK before 3.6.0.599 are also affected [2]. The flaw is triggered via unspecified vectors, likely involving crafted SWF content.
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by convincing a user to open a malicious Flash file, for example through a web page or email attachment. The use-after-free condition is triggered during processing of the crafted content, leading to memory corruption.
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the affected user. This could lead to full system compromise, including data theft, installation of malware, or denial of service [2].
Mitigation
Adobe released updates to address this vulnerability: Flash Player 10.3.183.63/11.6.602.168 (Windows), 10.3.183.61/11.6.602.167 (Mac), 10.3.183.61/11.2.202.270 (Linux), 11.1.111.43 (Android 2.x/3.x), 11.1.115.47 (Android 4.x), AIR 3.6.0.597, and AIR SDK 3.6.0.599 [2]. Red Hat also provided updated packages for Red Hat Enterprise Linux via RHSA-2013-0254 [1]. Users should apply the appropriate updates as soon as possible.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (6)
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* (+ 1 more)
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* range: <3.6.0.597
- (no CPE) range: before 3.6.0.597
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:* (+ 1 more)
- cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:* range: <3.6.0.599
- (no CPE) range: before 3.6.0.599
- Range: before 10.3.183.63 and before 11.6.602.168
References (6)
- lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html (nvd: Mailing List, Third Party Advisory)
- rhn.redhat.com/errata/RHSA-2013-0254.html (nvd: Third Party Advisory)
- www.adobe.com/support/security/bulletins/apsb13-05.html (nvd: Vendor Advisory)
- www.us-cert.gov/cas/techalerts/TA13-043A.html (nvd: Third Party Advisory, US Government Resource)