CVE-2013-5331

2013-12-1115:55:00

CWE-94

[email protected]

web.nvd.nist.gov

121

cve

adobe flash player

adobe air

remote code execution

type confusion

security vulnerability

nvd

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.963 High

EPSS

Percentile

99.5%

JSON

Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified “type confusion,” as exploited in the wild in December 2013.

CPENameOperatorVersion
adobe:flash_playeradobe flash playerlt11.7.700.257
adobe:flash_playeradobe flash playerlt11.8.800.175
adobe:flash_playeradobe flash playerlt11.9.900.700
adobe:flash_playeradobe flash playerlt11.2.202.332
adobe:airadobe airlt3.9.0.1380
adobe:air_sdkadobe air sdklt3.9.0.1380

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	lt	11.7.700.257
adobe:flash_player	adobe flash player	lt	11.8.800.175
adobe:flash_player	adobe flash player	lt	11.9.900.700
adobe:flash_player	adobe flash player	lt	11.2.202.332
adobe:air	adobe air	lt	3.9.0.1380
adobe:air_sdk	adobe air sdk	lt	3.9.0.1380