CVE-2013-5331

Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 11.7.700.257 Adobe Flash Player versions 11.8.x Adobe Flash Player versions prior to 11.9.900.170 Adobe Flash Player version prior to 11.2.202.332 on Linux Adobe AIR versions prior to 3.9.0.1380 Adobe AIR SDK versions prior to 3.9.0.1380 Adobe AIR SDK & Compiler versions prior to 3.9.0.1380

Description The issue allows remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified type confusion. This issue has been exploited in the wild in December 2013.

Recommendations For Adobe Flash Player versions prior to 11.7.700.257, update to version 11.7.700.257 or later. For Adobe Flash Player versions 11.8.x, update to a version after 11.8.x. For Adobe Flash Player versions prior to 11.9.900.170, update to version 11.9.900.170 or later. For Adobe Flash Player version prior to 11.2.202.332 on Linux, update to version 11.2.202.332 or later. For Adobe AIR versions prior to 3.9.0.1380, update to version 3.9.0.1380 or later. For Adobe AIR SDK versions prior to 3.9.0.1380, update to version 3.9.0.1380 or later. For Adobe AIR SDK & Compiler versions prior to 3.9.0.1380, update to version 3.9.0.1380 or later.