What is CVE-2013-5331?

CVE-2013-5331 is a vulnerability in Adobe Air, classified under Code Injection. Published 2013-12-11.

Is CVE-2013-5331 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Adobe Air

CVE-2013-5331

Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.874 (99.5th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

openSUSE-SU-2013:1898 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
RHSA-2013:1818 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
openSUSE-SU-2013:1915 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
SUSE-SU-2013:1896 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
psirt@adobe.com (x_refsource_CONFIRM, Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2013-5331?: CVE-2013-5331 is a vulnerability in Adobe Air, classified under Code Injection. Published 2013-12-11.
Is CVE-2013-5331 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.