CVE-2013-3359

CWE-119 — Buffer Overflow7 documents5 sources

Severity

10.0CRITICAL

EPSS

11.4%

top 6.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Shockwave Player

Timeline

PublishedSep 12

Latest updateMay 17

Description

Adobe Shockwave Player before 12.0.4.144 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3360.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDadobe/shockwave_player12.0.3.133+54

Patches

Patch: www.adobe.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-q636-6vgx-r5mq: Adobe Shockwave Player before 12↗2022-05-17

▶

CVEList

CVE-2013-3359: Adobe Shockwave Player before 12↗2013-09-11

▶

📋Vendor Advisories

Red Hat

conga: insecure handling of luci web interface sessions↗2013-01-07

▶

Red Hat

conga: insecure handling of luci web interface sessions↗2013-01-07

▶

💬Community

Bugzilla

CVE-2014-9900 kernel: Info leak in uninitialized structure ethtool_wolinfo in ethtool_get_wol()↗2017-08-14

▶