Unrated severityNVD Advisory· Published Dec 11, 2013· Updated Apr 29, 2026

CVE-2013-5331

Description

Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified "type confusion," as exploited in the wild in December 2013.

Affected products

Adobe Inc./Air
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
Range: <3.9.0.1380
Adobe Inc./Air Sdk
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*
Range: <3.9.0.1380
Adobe Inc./Flash Player
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Range: >=11.0,<11.7.700.257

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/flash-player/apsb13-28.htmlnvdPatchVendor Advisory
lists.opensuse.org/opensuse-security-announce/2013-12/msg00008.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-updates/2013-12/msg00075.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-updates/2013-12/msg00084.htmlnvdMailing ListThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-1818.htmlnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.070
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000