
CVE-2013-5331

Published: 11/12/2013 Updated: 13/12/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Adobe Flash Player prior to 11.7.700.257 and 11.8.x and 11.9.x prior to 11.9.900.170 on Windows and Mac OS X and prior to 11.2.202.332 on Linux, Adobe AIR prior to 3.9.0.1380, Adobe AIR SDK prior to 3.9.0.1380, and Adobe AIR SDK & Compiler prior to 3.9.0.1380 allow remote malicious users to execute arbitrary code via crafted .swf content that leverages an unspecified "type confusion," as exploited in the wild in December 2013.

Vulnerable Product

adobe flash_player

adobe air sdk

adobe air

Vendor Advisories

Synopsis: Critical: flash-plugin security update. Type/Severity: Security Advisory: Critical. Topic: An updated Adobe Flash Player package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having criticals ...
Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspec ...

Exploits

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::BrowserExploitServer

  def initialize(info={})
    super(update_info(info,
      'Name' ...

This Metasploit module exploits a type confusion vulnerability found in the ActiveX component of Adobe Flash Player. This vulnerability was found exploited in the wild in November 2013. This Metasploit module has been tested successfully on IE 6 to IE 10 with Flash 11.7, 11.8 and 11.9 prior to 11.9.900.170 over Windows XP SP3 and Windows 7 SP1 ...

Recent Articles

Adobe Security Updates December 2013
Securelist • Roel Schouwenberg • 10 Dec 2013

This month Adobe’s releasing fixes for both Flash Player and Shockwave. The vulnerabilities for Flash Player affect all platforms and concern two CVEs – CVE-2013-5331 and CVE-2013-5332, which both allow for remote code execution. Exploitation of CVE-2013-5331 using Microsoft Word as a leverage mechanism has been observed in the wild. Though Flash 11.6 introduced Click-to-Play for Office, users may still be socially engineered into running Flash content in Office documents. Make sure to apply this...