Adobe Flash Player prior to 11.7.700.257 and 11.8.x and 11.9.x prior to 11.9.900.170 on Windows and Mac OS X and prior to 11.2.202.332 on Linux, Adobe AIR prior to 3.9.0.1380, Adobe AIR SDK prior to 3.9.0.1380, and Adobe AIR SDK & Compiler prior to 3.9.0.1380 allow malicious users to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe flash_player |
||
adobe air sdk |
||
adobe air |
This month Adobe’s realing fixes for both Flash Player and Shockwave. The vulnerabilies for Flash Player affect all platforms and concern two CVEs – CVE-2013-5331 and CVE-2013-5332, which both allow for remote code execution. Eploitation of CVE-2013-5331 using Microsoft Word as a leverage mechanism has been observed in the wild. Though Flash 11.6 introduced Click-to-Play for Office, users may still be socially engineered into running Flash content in Office documents. Make sure to apply this...