CVE-2013-3361
Description
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3362, CVE-2013-3363, and CVE-2013-5324.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player and AIR before specific versions contain a memory corruption vulnerability allowing arbitrary code execution or denial of service.
Vulnerability
CVE-2013-3361 is a memory corruption vulnerability in Adobe Flash Player and Adobe AIR. The flaw exists in Flash Player versions before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x. Adobe AIR before 3.8.0.1430 and Adobe AIR SDK & Compiler before 3.8.0.1430 are also affected. The vulnerability is triggered via unspecified vectors, likely involving crafted Flash content.
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a specially crafted Flash file or visit a malicious web page hosting the exploit. No authentication or special network position is required; the attack can be delivered remotely. The exact exploitation steps are not publicly detailed, but the memory corruption can be leveraged to execute arbitrary code.
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the affected application or cause a denial of service. On systems where Flash runs in a browser, this can lead to full compromise of the user's system, including data theft, installation of malware, or further network attacks.
Mitigation
Adobe released fixed versions: Flash Player 11.7.700.242, 11.8.800.168, 11.2.202.310, 11.1.111.73, and 11.1.115.81; Adobe AIR 3.8.0.1430; and Adobe AIR SDK & Compiler 3.8.0.1430. Red Hat also provided updated packages for Red Hat Enterprise Linux via RHSA-2013:1256 [1]. Users should apply updates as soon as possible. No workarounds are documented.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <3.8.0.1430
- (no CPE)range: <3.8.0.1430
- Range: <3.8.0.1430
- Range: <11.7.700.242 on Windows/Mac, <11.8.800.168 on Windows/Mac, <11.2.202.310 on Linux, <11.1.111.73 on Android 2.x/3.x, <11.1.115.81 on Android 4.x
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- www.adobe.com/support/security/bulletins/apsb13-21.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2013-09/msg00001.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2013-09/msg00002.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-updates/2013-09/msg00040.htmlnvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2013-1256.htmlnvdThird Party Advisory
News mentions
0No linked articles in our index yet.