VIR Vulnerability Intelligence Relay

CVE-2013-0638

critical
Published 2013-02-12 · Modified 2026-04-29
CVSS v3
CVSS v2
10.0
VIR risk
10.0

Description

Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0647.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@adobe.com — http://www.adobe.com/support/security/bulletins/apsb13-05.html

OS impact
OSVersionStatusFixed in
linux linux-kernel-not-affected
macos macos-not-affected

Application impact
VendorProductVersionsFixed
adobeflash_player{"startIncluding":"10.3","endExcluding":"10.3.183.63"}10.3.183.63
adobeair{"endExcluding":"3.6.0.597"}3.6.0.597
adobeair_sdk{"endExcluding":"3.6.0.599"}3.6.0.599

References

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.