ID CVE-2013-5331
Summary Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified "type confusion," as exploited in the wild in December 2013.
References
Vulnerable Configurations
  • Adobe Flash Player 11.0
    cpe:2.3:a:adobe:flash_player:11.0
  • Adobe Flash Player 11.0.1.152
    cpe:2.3:a:adobe:flash_player:11.0.1.152
  • Adobe Flash Player 11.0.1.152 x64 (64-bit)
    cpe:2.3:a:adobe:flash_player:11.0.1.152:-:-:-:-:-:x64
  • Adobe Flash Player 11.0.1.153
    cpe:2.3:a:adobe:flash_player:11.0.1.153
  • Adobe Flash Player 11.1
    cpe:2.3:a:adobe:flash_player:11.1
  • Adobe Flash Player 11.1.102.55
    cpe:2.3:a:adobe:flash_player:11.1.102.55
  • Adobe Flash Player 11.1.102.55 (x64) 64-bit
    cpe:2.3:a:adobe:flash_player:11.1.102.55:-:-:-:-:-:x64
  • Adobe Flash Player 11.1.102.59
    cpe:2.3:a:adobe:flash_player:11.1.102.59
  • Adobe Flash Player 11.1.102.62
    cpe:2.3:a:adobe:flash_player:11.1.102.62
  • Adobe Flash Player 11.1.102.63
    cpe:2.3:a:adobe:flash_player:11.1.102.63
  • Adobe Flash Player 11.1.111.8
    cpe:2.3:a:adobe:flash_player:11.1.111.8
  • Adobe Flash Player 11.1.111.44
    cpe:2.3:a:adobe:flash_player:11.1.111.44
  • Adobe Flash Player 11.1.111.50
    cpe:2.3:a:adobe:flash_player:11.1.111.50
  • Adobe Flash Player 11.1.111.54
    cpe:2.3:a:adobe:flash_player:11.1.111.54
  • Adobe Flash Player 11.1.111.64
    cpe:2.3:a:adobe:flash_player:11.1.111.64
  • Adobe Flash Player 11.1.111.73
    cpe:2.3:a:adobe:flash_player:11.1.111.73
  • Adobe Flash Player 11.1.115.7
    cpe:2.3:a:adobe:flash_player:11.1.115.7
  • Adobe Flash Player 11.1.115.34
    cpe:2.3:a:adobe:flash_player:11.1.115.34
  • Adobe Flash Player 11.1.115.48
    cpe:2.3:a:adobe:flash_player:11.1.115.48
  • Adobe Flash Player 11.1.115.54
    cpe:2.3:a:adobe:flash_player:11.1.115.54
  • Adobe Flash Player 11.1.115.58
    cpe:2.3:a:adobe:flash_player:11.1.115.58
  • Adobe Flash Player 11.1.115.59
    cpe:2.3:a:adobe:flash_player:11.1.115.59
  • Adobe Flash Player 11.1.115.63
    cpe:2.3:a:adobe:flash_player:11.1.115.63
  • Adobe Flash Player 11.1.115.69
    cpe:2.3:a:adobe:flash_player:11.1.115.69
  • Adobe Flash Player 11.1.115.81
    cpe:2.3:a:adobe:flash_player:11.1.115.81
  • Adobe Flash Player 11.2.202.223
    cpe:2.3:a:adobe:flash_player:11.2.202.223
  • Adobe Flash Player 11.2.202.228
    cpe:2.3:a:adobe:flash_player:11.2.202.228
  • Adobe Flash Player 11.2.202.233
    cpe:2.3:a:adobe:flash_player:11.2.202.233
  • Adobe Flash Player 11.2.202.235
    cpe:2.3:a:adobe:flash_player:11.2.202.235
  • Adobe Flash Player 11.2.202.236
    cpe:2.3:a:adobe:flash_player:11.2.202.236
  • Adobe Flash Player 11.2.202.238
    cpe:2.3:a:adobe:flash_player:11.2.202.238
  • Adobe Flash Player 11.2.202.243
    cpe:2.3:a:adobe:flash_player:11.2.202.243
  • Adobe Flash Player 11.2.202.251
    cpe:2.3:a:adobe:flash_player:11.2.202.251
  • Adobe Flash Player 11.2.202.258
    cpe:2.3:a:adobe:flash_player:11.2.202.258
  • Adobe Flash Player 11.2.202.261
    cpe:2.3:a:adobe:flash_player:11.2.202.261
  • Adobe Flash Player 11.2.202.262
    cpe:2.3:a:adobe:flash_player:11.2.202.262
  • Adobe Flash Player 11.2.202.270
    cpe:2.3:a:adobe:flash_player:11.2.202.270
  • Adobe Flash Player 11.2.202.273
    cpe:2.3:a:adobe:flash_player:11.2.202.273
  • Adobe Flash Player 11.2.202.275
    cpe:2.3:a:adobe:flash_player:11.2.202.275
  • Adobe Flash Player 11.2.202.280
    cpe:2.3:a:adobe:flash_player:11.2.202.280
  • Adobe Flash Player 11.2.202.285
    cpe:2.3:a:adobe:flash_player:11.2.202.285
  • Adobe Flash Player 11.2.202.291
    cpe:2.3:a:adobe:flash_player:11.2.202.291
  • Adobe Flash Player 11.2.202.297
    cpe:2.3:a:adobe:flash_player:11.2.202.297
  • Adobe Flash Player 11.2.202.310
    cpe:2.3:a:adobe:flash_player:11.2.202.310
  • Adobe Flash Player 11.2.202.327
    cpe:2.3:a:adobe:flash_player:11.2.202.327
  • Adobe Flash Player 11.2.202.332
    cpe:2.3:a:adobe:flash_player:11.2.202.332
  • Adobe Flash Player 11.2.202.335
    cpe:2.3:a:adobe:flash_player:11.2.202.335
  • Adobe Flash Player 11.2.202.336
    cpe:2.3:a:adobe:flash_player:11.2.202.336
  • Adobe Flash Player 11.2.202.341
    cpe:2.3:a:adobe:flash_player:11.2.202.341
  • Adobe Flash Player 11.2.202.346
    cpe:2.3:a:adobe:flash_player:11.2.202.346
  • Adobe Flash Player 11.2.202.350
    cpe:2.3:a:adobe:flash_player:11.2.202.350
  • Adobe Flash Player 11.2.202.356
    cpe:2.3:a:adobe:flash_player:11.2.202.356
  • Adobe Flash Player 11.2.202.359
    cpe:2.3:a:adobe:flash_player:11.2.202.359
  • Adobe Flash Player 11.2.202.378
    cpe:2.3:a:adobe:flash_player:11.2.202.378
  • Adobe Flash Player 11.2.202.394
    cpe:2.3:a:adobe:flash_player:11.2.202.394
  • Adobe Flash Player 11.2.202.411
    cpe:2.3:a:adobe:flash_player:11.2.202.411
  • Adobe Flash Player 11.2.202.418
    cpe:2.3:a:adobe:flash_player:11.2.202.418
  • Adobe Flash Player 11.2.202.424
    cpe:2.3:a:adobe:flash_player:11.2.202.424
  • Adobe Flash Player 11.2.202.425
    cpe:2.3:a:adobe:flash_player:11.2.202.425
  • Adobe Flash Player 11.2.202.429
    cpe:2.3:a:adobe:flash_player:11.2.202.429
  • Adobe Flash Player 11.2.202.438
    cpe:2.3:a:adobe:flash_player:11.2.202.438
  • Adobe Flash Player 11.2.202.440
    cpe:2.3:a:adobe:flash_player:11.2.202.440
  • Adobe Flash Player 11.2.202.442
    cpe:2.3:a:adobe:flash_player:11.2.202.442
  • Adobe Flash Player 11.2.202.451
    cpe:2.3:a:adobe:flash_player:11.2.202.451
  • Adobe Flash Player 11.2.202.460
    cpe:2.3:a:adobe:flash_player:11.2.202.460
  • Adobe Flash Player 11.2.202.466
    cpe:2.3:a:adobe:flash_player:11.2.202.466
  • Adobe Flash Player 11.2.202.468
    cpe:2.3:a:adobe:flash_player:11.2.202.468
  • Adobe Flash Player 11.2.202.475
    cpe:2.3:a:adobe:flash_player:11.2.202.475
  • Adobe Flash Player 11.2.202.491
    cpe:2.3:a:adobe:flash_player:11.2.202.491
  • Adobe Flash Player 11.2.202.535
    cpe:2.3:a:adobe:flash_player:11.2.202.535
  • Adobe Flash Player 11.2.202.548
    cpe:2.3:a:adobe:flash_player:11.2.202.548
  • Adobe Flash Player 11.2.202.554
    cpe:2.3:a:adobe:flash_player:11.2.202.554
  • Adobe Flash Player 11.2.202.559
    cpe:2.3:a:adobe:flash_player:11.2.202.559
  • Adobe Flash Player 11.2.202.569
    cpe:2.3:a:adobe:flash_player:11.2.202.569
  • Adobe Flash Player 11.2.202.577
    cpe:2.3:a:adobe:flash_player:11.2.202.577
  • Adobe Flash Player 11.2.202.626
    cpe:2.3:a:adobe:flash_player:11.2.202.626
  • Adobe Flash Player 11.2.202.632
    cpe:2.3:a:adobe:flash_player:11.2.202.632
  • Adobe Flash Player 11.2.202.637 for Linux
    cpe:2.3:a:adobe:flash_player:11.2.202.637:-:-:-:-:linux
  • Adobe Flash Player 11.3.300.257
    cpe:2.3:a:adobe:flash_player:11.3.300.257
  • Adobe Flash Player 11.3.300.262
    cpe:2.3:a:adobe:flash_player:11.3.300.262
  • Adobe Flash Player 11.3.300.265
    cpe:2.3:a:adobe:flash_player:11.3.300.265
  • Adobe Flash Player 11.3.300.268
    cpe:2.3:a:adobe:flash_player:11.3.300.268
  • Adobe Flash Player 11.3.300.270
    cpe:2.3:a:adobe:flash_player:11.3.300.270
  • Adobe Flash Player 11.3.300.271
    cpe:2.3:a:adobe:flash_player:11.3.300.271
  • Adobe Flash Player 11.3.300.273
    cpe:2.3:a:adobe:flash_player:11.3.300.273
  • Adobe Flash Player 11.4.4.02.265
    cpe:2.3:a:adobe:flash_player:11.4.402.265
  • Adobe Flash Player 11.4.402.278
    cpe:2.3:a:adobe:flash_player:11.4.402.278
  • Adobe Flash Player 11.4.402.287
    cpe:2.3:a:adobe:flash_player:11.4.402.287
  • Adobe Flash Player 11.5.502.110
    cpe:2.3:a:adobe:flash_player:11.5.502.110
  • Adobe Flash Player 11.5.502.135
    cpe:2.3:a:adobe:flash_player:11.5.502.135
  • Adobe Flash Player 11.5.502.136
    cpe:2.3:a:adobe:flash_player:11.5.502.136
  • Adobe Flash Player 11.5.502.146
    cpe:2.3:a:adobe:flash_player:11.5.502.146
  • Adobe Flash Player 11.5.502.149
    cpe:2.3:a:adobe:flash_player:11.5.502.149
  • Adobe Flash Player 11.6.602.167
    cpe:2.3:a:adobe:flash_player:11.6.602.167
  • Adobe Flash Player 11.6.602.168
    cpe:2.3:a:adobe:flash_player:11.6.602.168
  • Adobe Flash Player 11.6.602.171
    cpe:2.3:a:adobe:flash_player:11.6.602.171
  • Adobe Flash Player 11.6.602.180
    cpe:2.3:a:adobe:flash_player:11.6.602.180
  • Adobe Flash Player 11.7.700.169
    cpe:2.3:a:adobe:flash_player:11.7.700.169
  • Adobe Flash Player 11.7.700.202
    cpe:2.3:a:adobe:flash_player:11.7.700.202
  • Adobe Flash Player 11.7.700.203
    cpe:2.3:a:adobe:flash_player:11.7.700.203
  • Adobe Flash Player 11.7.700.224
    cpe:2.3:a:adobe:flash_player:11.7.700.224
  • Adobe Flash Player 11.7.700.225
    cpe:2.3:a:adobe:flash_player:11.7.700.225
  • Adobe Flash Player 11.7.700.232
    cpe:2.3:a:adobe:flash_player:11.7.700.232
  • Adobe Flash Player 11.7.700.242
    cpe:2.3:a:adobe:flash_player:11.7.700.242
  • Adobe Flash Player 11.7.700.252
    cpe:2.3:a:adobe:flash_player:11.7.700.252
  • Adobe Flash Player 11.8.800.94
    cpe:2.3:a:adobe:flash_player:11.8.800.94
  • Adobe Flash Player 11.8.800.97
    cpe:2.3:a:adobe:flash_player:11.8.800.97
  • Adobe Flash Player 11.8.800.168
    cpe:2.3:a:adobe:flash_player:11.8.800.168
  • Adobe Flash Player 11.9.900.117
    cpe:2.3:a:adobe:flash_player:11.9.900.117
  • Adobe Flash Player 11.9.900.152
    cpe:2.3:a:adobe:flash_player:11.9.900.152
  • Adobe Flash Player 11.9.900.170
    cpe:2.3:a:adobe:flash_player:11.9.900.170
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Adobe Flash Player 11.0
    cpe:2.3:a:adobe:flash_player:11.0
  • Adobe Flash Player 11.0.1.152
    cpe:2.3:a:adobe:flash_player:11.0.1.152
  • Adobe Flash Player 11.0.1.152 x64 (64-bit)
    cpe:2.3:a:adobe:flash_player:11.0.1.152:-:-:-:-:-:x64
  • Adobe Flash Player 11.0.1.153
    cpe:2.3:a:adobe:flash_player:11.0.1.153
  • Adobe Flash Player 11.1
    cpe:2.3:a:adobe:flash_player:11.1
  • Adobe Flash Player 11.1.102.55
    cpe:2.3:a:adobe:flash_player:11.1.102.55
  • Adobe Flash Player 11.1.102.55 (x64) 64-bit
    cpe:2.3:a:adobe:flash_player:11.1.102.55:-:-:-:-:-:x64
  • Adobe Flash Player 11.1.102.59
    cpe:2.3:a:adobe:flash_player:11.1.102.59
  • Adobe Flash Player 11.1.102.62
    cpe:2.3:a:adobe:flash_player:11.1.102.62
  • Adobe Flash Player 11.1.102.63
    cpe:2.3:a:adobe:flash_player:11.1.102.63
  • Adobe Flash Player 11.1.111.8
    cpe:2.3:a:adobe:flash_player:11.1.111.8
  • Adobe Flash Player 11.1.111.44
    cpe:2.3:a:adobe:flash_player:11.1.111.44
  • Adobe Flash Player 11.1.111.50
    cpe:2.3:a:adobe:flash_player:11.1.111.50
  • Adobe Flash Player 11.1.111.54
    cpe:2.3:a:adobe:flash_player:11.1.111.54
  • Adobe Flash Player 11.1.111.64
    cpe:2.3:a:adobe:flash_player:11.1.111.64
  • Adobe Flash Player 11.1.111.73
    cpe:2.3:a:adobe:flash_player:11.1.111.73
  • Adobe Flash Player 11.1.115.7
    cpe:2.3:a:adobe:flash_player:11.1.115.7
  • Adobe Flash Player 11.1.115.34
    cpe:2.3:a:adobe:flash_player:11.1.115.34
  • Adobe Flash Player 11.1.115.48
    cpe:2.3:a:adobe:flash_player:11.1.115.48
  • Adobe Flash Player 11.1.115.54
    cpe:2.3:a:adobe:flash_player:11.1.115.54
  • Adobe Flash Player 11.1.115.58
    cpe:2.3:a:adobe:flash_player:11.1.115.58
  • Adobe Flash Player 11.1.115.59
    cpe:2.3:a:adobe:flash_player:11.1.115.59
  • Adobe Flash Player 11.1.115.63
    cpe:2.3:a:adobe:flash_player:11.1.115.63
  • Adobe Flash Player 11.1.115.69
    cpe:2.3:a:adobe:flash_player:11.1.115.69
  • Adobe Flash Player 11.1.115.81
    cpe:2.3:a:adobe:flash_player:11.1.115.81
  • Adobe Flash Player 11.2.202.223
    cpe:2.3:a:adobe:flash_player:11.2.202.223
  • Adobe Flash Player 11.2.202.228
    cpe:2.3:a:adobe:flash_player:11.2.202.228
  • Adobe Flash Player 11.2.202.233
    cpe:2.3:a:adobe:flash_player:11.2.202.233
  • Adobe Flash Player 11.2.202.235
    cpe:2.3:a:adobe:flash_player:11.2.202.235
  • Adobe Flash Player 11.2.202.236
    cpe:2.3:a:adobe:flash_player:11.2.202.236
  • Adobe Flash Player 11.2.202.238
    cpe:2.3:a:adobe:flash_player:11.2.202.238
  • Adobe Flash Player 11.2.202.243
    cpe:2.3:a:adobe:flash_player:11.2.202.243
  • Adobe Flash Player 11.2.202.251
    cpe:2.3:a:adobe:flash_player:11.2.202.251
  • Adobe Flash Player 11.2.202.258
    cpe:2.3:a:adobe:flash_player:11.2.202.258
  • Adobe Flash Player 11.2.202.261
    cpe:2.3:a:adobe:flash_player:11.2.202.261
  • Adobe Flash Player 11.2.202.262
    cpe:2.3:a:adobe:flash_player:11.2.202.262
  • Adobe Flash Player 11.2.202.270
    cpe:2.3:a:adobe:flash_player:11.2.202.270
  • Adobe Flash Player 11.2.202.273
    cpe:2.3:a:adobe:flash_player:11.2.202.273
  • Adobe Flash Player 11.2.202.275
    cpe:2.3:a:adobe:flash_player:11.2.202.275
  • Adobe Flash Player 11.2.202.280
    cpe:2.3:a:adobe:flash_player:11.2.202.280
  • Adobe Flash Player 11.2.202.285
    cpe:2.3:a:adobe:flash_player:11.2.202.285
  • Adobe Flash Player 11.2.202.291
    cpe:2.3:a:adobe:flash_player:11.2.202.291
  • Adobe Flash Player 11.2.202.297
    cpe:2.3:a:adobe:flash_player:11.2.202.297
  • Adobe Flash Player 11.2.202.310
    cpe:2.3:a:adobe:flash_player:11.2.202.310
  • Adobe Flash Player 11.2.202.327
    cpe:2.3:a:adobe:flash_player:11.2.202.327
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
CVSS
Base: 9.3 (as of 12-12-2013 - 11:33)
Impact:
Exploitability:
CWE CWE-94
CAPEC
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Manipulating User-Controlled Variables
    This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description Adobe Flash Player Type Confusion Remote Code Execution. CVE-2013-5331. Remote exploit for windows platform
id EDB-ID:33095
last seen 2016-02-03
modified 2014-04-29
published 2014-04-29
reporter metasploit
source https://www.exploit-db.com/download/33095/
title Adobe Flash Player Type Confusion Remote Code Execution
metasploit via4
description This module exploits a type confusion vulnerability found in the ActiveX component of Adobe Flash Player. This vulnerability was found exploited in the wild in November 2013. This module has been tested successfully on IE 6 to IE 10 with Flash 11.7, 11.8 and 11.9 prior to 11.9.900.170 over Windows XP SP3 and Windows 7 SP1.
id MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASH_FILTERS_TYPE_CONFUSION
last seen 2019-03-24
modified 2017-07-24
published 2014-04-27
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flash_filters_type_confusion.rb
title Adobe Flash Player Type Confusion Remote Code Execution
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FLASH_PLAYER_11_9_900_170.NASL
    description According to its version, the instance of Flash Player installed on the remote Mac OS X host is equal or prior to 11.7.700.252 / 11.8.x or 11.9.x equal or prior to 11.9.900.152. It is, therefore, potentially affected by the following vulnerabilities : - A type-confusion error exists that could allow arbitrary code execution. (CVE-2013-5331) - An input validation error exists that could allow denial of service attacks or possibly arbitrary code execution. (CVE-2013-5332)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 71353
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71353
    title Flash Player for Mac <= 11.7.700.252 / 11.9.900.152 Multiple Vulnerabilities (APSB13-28)
  • NASL family Windows
    NASL id ADOBE_AIR_APSB13-28.NASL
    description According to its version, the instance of Adobe AIR on the remote Windows host is 3.9.0.1210 or earlier. It is, therefore, potentially affected by the following vulnerabilities : - A type-confusion error exists that could allow arbitrary code execution. (CVE-2013-5331) - An input validation error exists that could allow denial of service attacks or possibly arbitrary code execution. (CVE-2013-5332)
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 71350
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71350
    title Adobe AIR <= AIR 3.9.0.1210 Multiple Vulnerabilities (APSB13-28)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201402-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-201402-06 (Adobe Flash Player: Multiple vulnerabilities) Multiple unspecified vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted SWF file using Adobe Flash Player, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 72383
    published 2014-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72383
    title GLSA-201402-06 : Adobe Flash Player: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-992.NASL
    description This update fixes the following security issues with flash-player : - Security update to 11.2.202.332: (bnc#854881) - APSB13-28, CVE-2013-5331, CVE-2013-5332 - Prevents possible remote code execution!
    last seen 2018-12-15
    modified 2018-12-14
    plugin id 75238
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75238
    title openSUSE Security Update : flash-player (openSUSE-SU-2013:1915-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_ADOBE_AIR_3_9_0_1380.NASL
    description According to its version, the instance of Adobe AIR on the remote Mac OS X host is 3.9.0.1210 or earlier. It is, therefore, reportedly affected by the following vulnerabilities : - A type-confusion error exists that could allow arbitrary code execution. (CVE-2013-5331) - An input validation error exists that could allow denial of service attacks or possibly arbitrary code execution. (CVE-2013-5332)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 71352
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71352
    title Adobe AIR for Mac <= 3.9.0.1210 Multiple Vulnerabilities (APSB13-28)
  • NASL family Windows
    NASL id FLASH_PLAYER_APSB13-28.NASL
    description According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 11.7.700.252 / 11.8.x or 11.9.x equal or prior to 11.9.900.152. It is, therefore, potentially affected by the following vulnerabilities : - A type-confusion error exists that could allow arbitrary code execution. (CVE-2013-5331) - An input validation error exists that could allow denial of service attacks or possibly arbitrary code execution. (CVE-2013-5332)
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 71351
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71351
    title Flash Player <= 11.7.700.252 / 11.9.900.152 Multiple Vulnerabilities (APSB13-28)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1818.NASL
    description An updated Adobe Flash Player package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-28, listed in the References section. Specially crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2013-5331, CVE-2013-5332) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.332.
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 71369
    published 2013-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71369
    title RHEL 5 / 6 : flash-plugin (RHSA-2013:1818)
  • NASL family Windows
    NASL id SMB_KB2907997.NASL
    description The remote host is missing KB2907997. It is, therefore, affected by the following vulnerabilities related to the installed version of the Adobe Flash ActiveX control : - An unspecified type confusion flaw exists that could lead to code execution. (CVE-2013-5331) - An unspecified flaw exists that could lead to code execution. (CVE-2013-5332)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 71325
    published 2013-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71325
    title MS KB2907997: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_FLASH-PLAYER-131213.NASL
    description This update fixes the following security issues with flash-player : - flash-plugin: multiple code execution flaws (APSB13-28). (bnc#854881) - These updates resolve a type confusion vulnerability that could lead to code execution. (CVE-2013-5331) - These updates resolve a memory corruption vulnerability that could lead to code execution. (CVE-2013-5332) - Ref: http://helpx.adobe.com/security/products/flash-player/ap sb13-28.html
    last seen 2019-02-21
    modified 2014-04-29
    plugin id 71492
    published 2013-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71492
    title SuSE 11.2 / 11.3 Security Update : flash-player (SAT Patch Numbers 8639 / 8640)
packetstorm via4
data source https://packetstormsecurity.com/files/download/126385/adobe_flash_filters_type_confusion.rb.txt
id PACKETSTORM:126385
last seen 2016-12-05
published 2014-04-29
reporter bannedit
source https://packetstormsecurity.com/files/126385/Adobe-Flash-Player-Type-Confusion-Remote-Code-Execution.html
title Adobe Flash Player Type Confusion Remote Code Execution
redhat via4
advisories
rhsa
id RHSA-2013:1818
refmap via4
confirm http://helpx.adobe.com/security/products/flash-player/apsb13-28.html
suse
  • SUSE-SU-2013:1896
  • openSUSE-SU-2013:1898
  • openSUSE-SU-2013:1915
Last major update 27-01-2014 - 23:55
Published 11-12-2013 - 10:55
Last modified 13-12-2018 - 10:41
Back to Top