CVE-2013-3362
Description
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3363, and CVE-2013-5324.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player and AIR before specific versions contain a memory corruption vulnerability allowing arbitrary code execution or denial of service.
Vulnerability
CVE-2013-3362 is a memory corruption vulnerability in Adobe Flash Player and Adobe AIR. Affected versions include Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 [1]. The vulnerability is triggered via unspecified vectors, indicating a code path that can be reached through crafted content.
Exploitation
An attacker can exploit this vulnerability by delivering a specially crafted Flash (SWF) file or AIR application to a target user. No authentication is required, and the attack can be conducted remotely. The user must open the malicious file or visit a web page hosting the exploit. The exact exploitation steps are not publicly detailed, but the unspecified vectors suggest a memory corruption that can be triggered without special privileges.
Impact
Successful exploitation allows an attacker to execute arbitrary code on the affected system or cause a denial of service (memory corruption). The attacker gains the ability to run code at the privilege level of the user running the Flash or AIR application, potentially leading to full system compromise. The impact is consistent with remote code execution and denial of service.
Mitigation
Adobe released fixed versions as listed in the vulnerability description. For Red Hat Enterprise Linux, the fix is provided via RHSA-2013:1256, updating flash-plugin to version 11.2.202.310 [1]. Users should update to the latest available versions for their platform. No workarounds are documented; the only mitigation is to apply the patch.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <3.8.0.1430
- (no CPE)range: before 3.8.0.1430
- Range: before 3.8.0.1430
- Range: before 11.7.700.242, 11.8.x before 11.8.800.168, before 11.2.202.310, before 11.1.111.73, before 11.1.115.81
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- www.adobe.com/support/security/bulletins/apsb13-21.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2013-09/msg00001.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2013-09/msg00002.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-updates/2013-09/msg00040.htmlnvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2013-1256.htmlnvdThird Party Advisory
News mentions
0No linked articles in our index yet.