Vulnerability CVE-2013-3362

Vulnerability Name:

CVE-2013-3362 (CCN-86989)

Assigned:

2013-09-10

Published:

2013-09-10

Updated:

2018-12-13

Summary:

Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3363, and CVE-2013-5324.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2013-3362

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2013:1456

Source: SUSE
Type: Mailing List, Third Party Advisory
SUSE-SU-2013:1464

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2013:1459

Source: CCN
Type: RHSA-2013-1256
Critical: flash-plugin security update

Source: REDHAT
Type: Third Party Advisory
RHSA-2013:1256

Source: CCN
Type: SA54697
Adobe Flash Player / AIR Multiple Vulnerabilities

Source: CCN
Type: Adobe Product Security Bulletin APSB13-21
Security updates available for Adobe Flash Player

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb13-21.html

Source: CCN
Type: BID-62294
Adobe Flash Player and AIR CVE-2013-3362 Remote Memory Corruption Vulnerability

Source: XF
Type: UNKNOWN
adobe-cve20133362-code-exec(86989)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-3362

Vulnerable Configuration:

Configuration 1:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 11.0 and < 11.7.700.242)

OR cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 11.8 and < 11.8.800.168)

AND

cpe:/o:apple:mac_os_x:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 11.0 and < 11.2.202.310)

AND

cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 11.0 and < 11.1.111.73)

AND

cpe:/o:google:android:*:*:*:*:*:*:*:* (Version >= 2.0 and <= 2.3.7)

OR cpe:/o:google:android:*:*:*:*:*:*:*:* (Version >= 3.0 and <= 3.2.6)

Configuration 4:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 11.0 and < 11.1.115.81)

AND

cpe:/o:google:android:*:*:*:*:*:*:*:* (Version >= 4.0 and <= 4.4.4)

Configuration 5:

cpe:/a:adobe:air:*:*:*:*:*:*:*:* (Version < 3.8.0.1430)

OR cpe:/a:adobe:air_sdk:*:*:*:*:*:*:*:* (Version < 3.8.0.1430)

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:adobe:flash_player:11.01.152:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.01.153:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.102.55:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.102.62:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.111.6:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.102.63:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.111.7:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.111.9:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.115.8:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.111.8:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.115.7:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.3.300.270:*:*:*:*:*:*:*

OR cpe:/a:adobe:adobe_air:3.8.0.870:*:*:*:*:*:*:*

OR cpe:/a:adobe:adobe_air:3.8.0.910:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.8.800.94:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux_server_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:52002	P	Security update for haproxy (Critical)	2023-02-14
oval:org.opensuse.security:def:51934	P	Security update for python3 (Important)	2022-10-06
oval:org.opensuse.security:def:5302	P	Security update for postgresql12 (Important) (in QA)	2022-08-31
oval:org.opensuse.security:def:5335	P	Security update for postgresql10 (Important)	2022-08-26
oval:org.opensuse.security:def:5277	P	Security update for the Linux Kernel (Important)	2022-06-20
oval:org.opensuse.security:def:20133362	V	CVE-2013-3362	2022-05-20
oval:org.opensuse.security:def:6026	P	Security update for xen (Moderate)	2022-05-03
oval:org.opensuse.security:def:5366	P	Security update for flac (Moderate)	2022-03-14
oval:org.opensuse.security:def:5353	P	Security update for php72 (Moderate)	2022-02-25
oval:org.opensuse.security:def:5344	P	Security update for xen (Important)	2022-02-17
oval:org.opensuse.security:def:6004	P	Security update for MozillaFirefox (Important)	2022-01-18
oval:org.opensuse.security:def:10711	P	Security update for MozillaThunderbird (Important)	2022-01-12
oval:org.opensuse.security:def:51768	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:5168	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:10663	P	Security update for ffmpeg (Moderate)	2021-10-26
oval:org.opensuse.security:def:5132	P	Security update for the Linux Kernel (Important)	2021-10-12
oval:org.opensuse.security:def:5121	P	Security update for the Linux Kernel (Important)	2021-09-23
oval:org.opensuse.security:def:51662	P	Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)	2021-09-23
oval:org.opensuse.security:def:5119	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:5110	P	Security update for openssl-1_0_0 (Low)	2021-09-09
oval:org.opensuse.security:def:10692	P	Security update for ffmpeg (Important)	2021-09-02
oval:org.opensuse.security:def:5101	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:5792	P	Security update for apache-commons-compress (Important)	2021-08-05
oval:org.opensuse.security:def:5770	P	Security update for sqlite3 (Important)	2021-07-14
oval:org.opensuse.security:def:5075	P	Security update for the Linux Kernel (Important)	2021-07-14
oval:org.opensuse.security:def:5068	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:10644	P	Security update for the Linux Kernel (Important)	2021-06-08
oval:org.opensuse.security:def:48670	P	flash-player-11.2.202.406-1.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17049	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48718	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11300	P	flash-player-11.2.202.406-1.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11465	P	sysvinit-tools-2.88+-94.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:76596	P	flash-player-11.2.202.406-1.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11534	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11487	P	zoo-2.10-1020.62 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11513	P	cups-pk-helper-0.2.5-3.75 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:76830	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17001	P	flash-player-11.2.202.406-1.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11535	P	freerdp-1.0.2-7.9 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:5053	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:10677	P	Security update for MozillaThunderbird (Moderate)	2021-06-04
oval:org.opensuse.security:def:51896	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:5045	P	Security update for postgresql10 (Moderate)	2021-05-27
oval:org.opensuse.security:def:5043	P	Security update for curl (Moderate)	2021-05-26
oval:org.opensuse.security:def:38122	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:38103	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:5202	P	Security update for openssl-1_1 (Important)	2021-03-25
oval:org.opensuse.security:def:5183	P	Security update for ImageMagick (Moderate)	2021-02-19
oval:org.opensuse.security:def:51723	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:51485	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:4968	P	Security update for PackageKit (Low)	2020-12-22
oval:org.opensuse.security:def:51088	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:51089	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:10584	P	Security update for MozillaThunderbird (Important)	2020-12-07
oval:org.opensuse.security:def:4811	P	Security update for apache2 (Moderate)	2020-12-02
oval:org.opensuse.security:def:4934	P	Security update for libvirt (Important)	2020-12-02
oval:org.opensuse.security:def:4819	P	Security update for apache2 (Important)	2020-12-02
oval:org.opensuse.security:def:4949	P	Security update for spice-gtk (Moderate)	2020-12-02
oval:org.opensuse.security:def:4841	P	Security update for 389-ds (Important)	2020-12-02
oval:org.opensuse.security:def:4887	P	Security update for xen (Important)	2020-12-02
oval:org.opensuse.security:def:10514	P	libksba-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52419	P	Security update for libqt5-qtbase (Moderate)	2020-12-01
oval:org.opensuse.security:def:53888	P	Security update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:37355	P	xalan-j2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10811	P	libxcb-composite0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52846	P	Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:51489	P	Security update for python3 (Important)	2020-12-01
oval:org.opensuse.security:def:52219	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:52168	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:38142	P	bubblewrap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38894	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37319	P	radvd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37697	P	update-alternatives on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37356	P	xdg-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37688	P	sysvinit-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38054	P	rrdtool on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10827	P	ocaml on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10862	P	xfig on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10536	P	libraptor-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52493	P	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:53962	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10562	P	libwmf-0_2-7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52653	P	Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:54122	P	squashfs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52327	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:38166	P	dbus-1-glib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52453	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:38170	P	dovecot22 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37403	P	cracklib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37787	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37367	P	yast2-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37745	P	busybox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51322	P	Security update for jasper (Low)	2020-12-01
oval:org.opensuse.security:def:10875	P	aaa_base-malloccheck on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10582	P	pam-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10738	P	libgnutls-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52531	P	Security update for munge (Moderate)	2020-12-01
oval:org.opensuse.security:def:52727	P	Security update for the Linux Kernel (Live Patch 9 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:54196	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51111	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:38055	P	rsync on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38804	P	sudo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51323	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:52561	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:38214	P	gv on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10506	P	libidn-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37539	P	libjbig2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37947	P	libpulse-mainloop-glib0-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37451	P	grub2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37835	P	krb5-appl-clients on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10805	P	libunrar-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37307	P	ppc64-diag on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10629	P	augeas-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10763	P	libneon-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52612	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:10630	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:10786	P	librsvg-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52765	P	Security update for the Linux Kernel (Live Patch 15 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:51251	P	Security update for djvulibre (Moderate)	2020-12-01
oval:org.opensuse.security:def:38094	P	wpa_supplicant on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38846	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51345	P	Security update for freetype2 (Important)	2020-12-01
oval:org.opensuse.security:def:38852	P	gnome-shell-calendar on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37308	P	ppp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37640	P	perl-Config-IniFiles on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38006	P	mozilla-nspr-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10554	P	libtiff-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37587	P	libspice-server1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37995	P	libz1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10814	P	libxslt-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10853	P	systemtap-sdt-devel on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:19694	V	Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3363, and CVE-2013-5324	2015-08-03
oval:org.mitre.oval:def:20919	P	RHSA-2013:1256: flash-plugin security update (Critical)	2015-03-09
oval:org.mitre.oval:def:27198	P	SUSE-SU-2013:1464-1 -- Security update for flash-player	2014-12-08
oval:org.mitre.oval:def:24152	P	ELSA-2013:1256: flash-plugin security update (Critical)	2014-05-26
oval:com.ubuntu.precise:def:20133362000	V	CVE-2013-3362 on Ubuntu 12.04 LTS (precise) - medium.	2013-09-12
oval:com.redhat.rhsa:def:20131256	P	RHSA-2013:1256: flash-plugin security update (Critical)	2013-09-11

BACK