CVE-2013-3363
Description
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3362, and CVE-2013-5324.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player and AIR before certain versions contain a memory corruption vulnerability that allows arbitrary code execution or denial of service.
Vulnerability
Adobe Flash Player versions before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 are affected by a memory corruption vulnerability (CVE-2013-3363). The vulnerability is triggered via unspecified vectors, leading to memory corruption.
Exploitation
An attacker can exploit this vulnerability by enticing a user to open a specially crafted Flash content. No authentication is required, and the attack can be delivered remotely via web pages or email attachments. The exact exploitation steps are not detailed in the available references, but the vulnerability is known to be exploitable for arbitrary code execution.
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the affected application, potentially leading to full system compromise. Alternatively, it can cause a denial of service due to memory corruption. The impact is critical, with CVSS score not provided but likely high.
Mitigation
Adobe released updates to fix this vulnerability: Flash Player 11.7.700.242, 11.8.800.168, 11.2.202.310, 11.1.111.73, 11.1.115.81; AIR 3.8.0.1430; and AIR SDK & Compiler 3.8.0.1430. Red Hat issued RHSA-2013:1256 to update the flash-plugin package for Red Hat Enterprise Linux [1]. Users should apply the latest updates from Adobe or their vendor.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <3.8.0.1430
- (no CPE)range: before 3.8.0.1430
- Range: before 3.8.0.1430
- Range: before 11.7.700.242, 11.8.x before 11.8.800.168, before 11.2.202.310, before 11.1.111.73, before 11.1.115.81
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- www.adobe.com/support/security/bulletins/apsb13-21.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2013-09/msg00001.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2013-09/msg00002.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-updates/2013-09/msg00040.htmlnvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2013-1256.htmlnvdThird Party Advisory
News mentions
0No linked articles in our index yet.