CVE-2013-3344
flash-plugin: Multiple code execution flaws (APSB13-17)
Severity Score
Exploit Likelihood
Affected Versions
721Public Exploits
0Exploited in Wild
-Decision
Descriptions
Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via unspecified vectors.
Desbordamiento de memoria dinámica en Adobe Flash Player anterior a 11.7.700.232 y 11.8.x anterior a 11.8.800.94 en Windows y Mac OS X, anterior a 11.2.202.297 en Linux, anterior a 11.1.111.64 en Android 2.x y 3.x,anterior a 11.1.115.69 en Android 4.x, permite a atacantes ejecutar código arbitrario a través de vectores no especificados.
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes three vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-17, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.297.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-05-06 CVE Reserved
- 2013-07-10 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (5)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2013-... | 2015-10-23 | |
| https://access.redhat.com/security/cve/CVE-2013-3344 | 2013-07-10 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=982749 | 2013-07-10 |