CVE-2013-5331 - Code Injection vulnerability in Adobe Air, AIR SDK and Flash Player

CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Tags: network, adobe, apple, microsoft, linux, CWE-94, critical, nessus, exploit available, metasploit

Summary

Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified "type confusion," as exploited in the wild in December 2013. Per: http://helpx.adobe.com/security/products/flash-player/apsb13-28.html "Adobe is aware of reports that an exploit designed to trick the user into opening a Microsoft Word document with malicious Flash (.swf) content exists for CVE-2013-5331."

Vulnerable Configurations

Part         Description  Count
Application  Adobe        149
OS           Apple        1
OS           Microsoft    1
OS           Linux        1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files. When the executable loads a resource (such as an image file or configuration file) that the attacker has modified, the file either executes malicious code directly or manipulates the target process (e.g. an application server) into executing based on the malicious configuration parameters. Since systems are increasingly interrelated, mashing up resources from local and remote sources, the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing a buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028, where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading PDF files. In this case the attacker simply appends JavaScript to the end of a legitimate URL for a PDF (http://www.gnucitizen.org/blog/danger-danger-danger/): http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a PDF, but the attacker has modified the resource and loaded executable JavaScript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server; adding the role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when it is manipulated, the attacker gains full control.
  • Manipulating User-Controlled Variables
    This attack targets user-controlled variables (DEBUG=1, PHP globals, and so forth). An attacker can override environment variables by leveraging user-supplied, untrusted query variables that are used directly on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.

Exploit-Db

description: Adobe Flash Player Type Confusion Remote Code Execution. CVE-2013-5331. Remote exploit for windows platform
id: EDB-ID:33095
last seen: 2016-02-03
modified: 2014-04-29
published: 2014-04-29
reporter: metasploit
source: https://www.exploit-db.com/download/33095/
title: Adobe Flash Player Type Confusion Remote Code Execution

Metasploit

description: This module exploits a type confusion vulnerability found in the ActiveX component of Adobe Flash Player. This vulnerability was found exploited in the wild in November 2013. This module has been tested successfully on IE 6 to IE 10 with Flash 11.7, 11.8 and 11.9 prior to 11.9.900.170 over Windows XP SP3 and Windows 7 SP1.
id: MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASH_FILTERS_TYPE_CONFUSION
last seen: 2020-05-24
modified: 2017-07-24
published: 2014-04-27
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/adobe_flash_filters_type_confusion.rb
title: Adobe Flash Player Type Confusion Remote Code Execution

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_FLASH-PLAYER-131213.NASL
    description: This update fixes the following security issues with flash-player : - flash-plugin: multiple code execution flaws (APSB13-28). (bnc#854881) - These updates resolve a type confusion vulnerability that could lead to code execution. (CVE-2013-5331) - These updates resolve a memory corruption vulnerability that could lead to code execution. (CVE-2013-5332) - Ref: http://helpx.adobe.com/security/products/flash-player/apsb13-28.html
    last seen: 2020-06-05
    modified: 2013-12-17
    plugin id: 71492
    published: 2013-12-17
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/71492
    title: SuSE 11.2 / 11.3 Security Update : flash-player (SAT Patch Numbers 8639 / 8640)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71492);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-5331", "CVE-2013-5332");
    
      script_name(english:"SuSE 11.2 / 11.3 Security Update : flash-player (SAT Patch Numbers 8639 / 8640)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes the following security issues with flash-player :
    
      - flash-plugin: multiple code execution flaws (APSB13-28).
        (bnc#854881)
    
      - These updates resolve a type confusion vulnerability
        that could lead to code execution. (CVE-2013-5331)
    
      - These updates resolve a memory corruption vulnerability
        that could lead to code execution. (CVE-2013-5332)
    
      - Ref:
        http://helpx.adobe.com/security/products/flash-player/ap
        sb13-28.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854881"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-5331.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-5332.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Apply SAT patch number 8639 / 8640 as appropriate."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Type Confusion Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:flash-player");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:flash-player-gnome");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:flash-player-kde4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"flash-player-11.2.202.332-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"flash-player-gnome-11.2.202.332-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"flash-player-kde4-11.2.202.332-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"flash-player-11.2.202.332-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"flash-player-gnome-11.2.202.332-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"flash-player-kde4-11.2.202.332-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"flash-player-11.2.202.332-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"flash-player-gnome-11.2.202.332-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"flash-player-kde4-11.2.202.332-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"flash-player-11.2.202.332-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"flash-player-gnome-11.2.202.332-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"flash-player-kde4-11.2.202.332-0.3.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_ADOBE_AIR_3_9_0_1380.NASL
    description: According to its version, the instance of Adobe AIR on the remote Mac OS X host is 3.9.0.1210 or earlier. It is, therefore, reportedly affected by the following vulnerabilities : - A type-confusion error exists that could allow arbitrary code execution. (CVE-2013-5331) - An input validation error exists that could allow denial of service attacks or possibly arbitrary code execution. (CVE-2013-5332)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 71352
    published: 2013-12-11
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/71352
    title: Adobe AIR for Mac <= 3.9.0.1210 Multiple Vulnerabilities (APSB13-28)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71352);
      script_version("1.13");
      script_cvs_date("Date: 2018/07/14  1:59:36");
    
      script_cve_id("CVE-2013-5331", "CVE-2013-5332");
      script_bugtraq_id(64199, 64201);
    
      script_name(english:"Adobe AIR for Mac <= 3.9.0.1210 Multiple Vulnerabilities (APSB13-28)");
      script_summary(english:"Checks version gathered by local check");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Mac OS X host contains a version of Adobe AIR that is
    affected by multiple vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "According to its version, the instance of Adobe AIR on the remote Mac
    OS X host is 3.9.0.1210 or earlier.  It is, therefore, reportedly
    affected by the following vulnerabilities :
    
      - A type-confusion error exists that could allow
        arbitrary code execution. (CVE-2013-5331)
    
      - An input validation error exists that could allow
        denial of service attacks or possibly arbitrary code
        execution. (CVE-2013-5332)"
      );
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb13-28.html");
      script_set_attribute(attribute:"solution", value:"Upgrade to Adobe AIR 3.9.0.1380 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Type Confusion Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/11");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:air");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
    
      script_dependencies("macosx_adobe_air_installed.nasl");
      script_require_keys("MacOSX/Adobe_AIR/Version");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    kb_base = "MacOSX/Adobe_AIR";
    version = get_kb_item_or_exit(kb_base+"/Version");
    path = get_kb_item_or_exit(kb_base+"/Path");
    
    # nb: we're checking for versions less than *or equal to* the cutoff!
    cutoff_version = '3.9.0.1210';
    fixed_version_for_report = '3.9.0.1380';
    
    if (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version_for_report +
          '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "Adobe AIR", version, path);
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_FLASH_PLAYER_11_9_900_170.NASL
    description: According to its version, the instance of Flash Player installed on the remote Mac OS X host is equal or prior to 11.7.700.252 / 11.8.x or 11.9.x equal or prior to 11.9.900.152. It is, therefore, potentially affected by the following vulnerabilities : - A type-confusion error exists that could allow arbitrary code execution. (CVE-2013-5331) - An input validation error exists that could allow denial of service attacks or possibly arbitrary code execution. (CVE-2013-5332)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 71353
    published: 2013-12-11
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/71353
    title: Flash Player for Mac <= 11.7.700.252 / 11.9.900.152 Multiple Vulnerabilities (APSB13-28)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71353);
      script_version("1.12");
      script_cvs_date("Date: 2018/07/14  1:59:36");
    
      script_cve_id("CVE-2013-5331", "CVE-2013-5332");
      script_bugtraq_id(64199, 64201);
    
      script_name(english:"Flash Player for Mac <= 11.7.700.252 / 11.9.900.152 Multiple Vulnerabilities (APSB13-28)");
      script_summary(english:"Checks version of Flash Player");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Mac OS X host has a browser plugin that is affected by
    multiple vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "According to its version, the instance of Flash Player installed on the
    remote Mac OS X host is equal or prior to 11.7.700.252 / 11.8.x or
    11.9.x equal or prior to 11.9.900.152.  It is, therefore, potentially
    affected by the following vulnerabilities :
    
      - A type-confusion error exists that could allow
        arbitrary code execution. (CVE-2013-5331)
    
      - An input validation error exists that could allow
        denial of service attacks or possibly arbitrary code
        execution. (CVE-2013-5332)"
      );
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb13-28.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Flash Player version 11.7.700.257 / 11.9.900.170.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Type Confusion Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/11");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
    
      script_dependencies("macosx_flash_player_installed.nasl");
      script_require_keys("MacOSX/Flash_Player/Version");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    version = get_kb_item_or_exit("MacOSX/Flash_Player/Version");
    path = get_kb_item_or_exit("MacOSX/Flash_Player/Path");
    
    # nb: we're checking for versions less than *or equal to* the cutoff!
    eleven_sevenx_cutoff_version = "11.7.700.252";
    eleven_sevenx_fixed_version = "11.7.700.257";
    
    elevenx_cutoff_version = "11.9.900.152";
    elevenx_fixed_version  = "11.9.900.170";
    
    fixed_version_for_report = NULL;
    
    if (version =~ "^([0-9]|10)\.|^11\.[0-6]")
      fixed_version_for_report = eleven_sevenx_fixed_version;
    
    else if (
      version =~ "^11\.7\." &&
      ver_compare(ver:version, fix:eleven_sevenx_cutoff_version, strict:FALSE) <= 0
    ) fixed_version_for_report = eleven_sevenx_fixed_version;
    
    else if (version =~ "^11\.8\.") fixed_version_for_report = elevenx_fixed_version;
    else if (version =~ "^11\.9\." &&
      ver_compare(ver:version, fix:elevenx_cutoff_version, strict:FALSE) <= 0
    ) fixed_version_for_report = elevenx_fixed_version;
    
    if (!isnull(fixed_version_for_report))
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version_for_report +
          '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "Flash Player for Mac", version, path);
    
  • NASL family: Windows
    NASL id: ADOBE_AIR_APSB13-28.NASL
    description: According to its version, the instance of Adobe AIR on the remote Windows host is 3.9.0.1210 or earlier. It is, therefore, potentially affected by the following vulnerabilities : - A type-confusion error exists that could allow arbitrary code execution. (CVE-2013-5331) - An input validation error exists that could allow denial of service attacks or possibly arbitrary code execution. (CVE-2013-5332)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 71350
    published: 2013-12-11
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/71350
    title: Adobe AIR <= AIR 3.9.0.1210 Multiple Vulnerabilities (APSB13-28)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71350);
      script_version("1.13");
      script_cvs_date("Date: 2018/06/27 18:42:26");
    
      script_cve_id("CVE-2013-5331", "CVE-2013-5332");
      script_bugtraq_id(64199, 64201);
    
      script_name(english:"Adobe AIR <= AIR 3.9.0.1210 Multiple Vulnerabilities (APSB13-28)");
      script_summary(english:"Checks version gathered by local check");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Windows host contains a version of Adobe AIR that is
    affected by multiple vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "According to its version, the instance of Adobe AIR on the remote
    Windows host is 3.9.0.1210 or earlier.  It is, therefore, potentially
    affected by the following vulnerabilities :
    
      - A type-confusion error exists that could allow
        arbitrary code execution. (CVE-2013-5331)
    
      - An input validation error exists that could allow
        denial of service attacks or possibly arbitrary code
        execution. (CVE-2013-5332)"
      );
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb13-28.html");
      script_set_attribute(attribute:"solution", value:"Upgrade to Adobe AIR 3.9.0.1380 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Type Confusion Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/11");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:air");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
    
      script_dependencies("adobe_air_installed.nasl");
      script_require_keys("SMB/Adobe_AIR/Version", "SMB/Adobe_AIR/Path");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    version = get_kb_item_or_exit("SMB/Adobe_AIR/Version");
    path = get_kb_item_or_exit("SMB/Adobe_AIR/Path");
    
    version_ui = get_kb_item("SMB/Adobe_AIR/Version_UI");
    if (isnull(version_ui)) version_report = version;
    else version_report = version_ui + ' (' + version + ')';
    
    cutoff_version = '3.9.0.1210';
    fix = '3.9.0.1380';
    fix_ui = '3.9';
    
    if (ver_compare(ver:version, fix:cutoff_version) <= 0)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version_report +
          '\n  Fixed version     : ' + fix_ui + " (" + fix + ')\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "Adobe AIR", version_report, path);
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201402-06.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201402-06 (Adobe Flash Player: Multiple vulnerabilities) Multiple unspecified vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted SWF file using Adobe Flash Player, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72383
    published: 2014-02-07
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/72383
    title: GLSA-201402-06 : Adobe Flash Player: Multiple vulnerabilities
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2013-1818.NASL
    description: An updated Adobe Flash Player package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-28, listed in the References section. Specially crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2013-5331, CVE-2013-5332) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.332.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 71369
    published: 2013-12-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/71369
    title: RHEL 5 / 6 : flash-plugin (RHSA-2013:1818)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2013-992.NASL
    description: This update fixes the following security issues with flash-player : - Security update to 11.2.202.332: (bnc#854881) - APSB13-28, CVE-2013-5331, CVE-2013-5332 - Prevents possible remote code execution!
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75238
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75238
    title: openSUSE Security Update : flash-player (openSUSE-SU-2013:1915-1)
  • NASL family: Windows
    NASL id: FLASH_PLAYER_APSB13-28.NASL
    description: According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 11.7.700.252 / 11.8.x or 11.9.x equal or prior to 11.9.900.152. It is, therefore, potentially affected by the following vulnerabilities : - A type-confusion error exists that could allow arbitrary code execution. (CVE-2013-5331) - An input validation error exists that could allow denial of service attacks or possibly arbitrary code execution. (CVE-2013-5332)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 71351
    published: 2013-12-11
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/71351
    title: Flash Player <= 11.7.700.252 / 11.9.900.152 Multiple Vulnerabilities (APSB13-28)
  • NASL family: Windows
    NASL id: SMB_KB2907997.NASL
    description: The remote host is missing KB2907997. It is, therefore, affected by the following vulnerabilities related to the installed version of the Adobe Flash ActiveX control : - An unspecified type confusion flaw exists that could lead to code execution. (CVE-2013-5331) - An unspecified flaw exists that could lead to code execution. (CVE-2013-5332)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 71325
    published: 2013-12-11
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/71325
    title: MS KB2907997: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10

Packetstorm

data source: https://packetstormsecurity.com/files/download/126385/adobe_flash_filters_type_confusion.rb.txt
id: PACKETSTORM:126385
last seen: 2016-12-05
published: 2014-04-29
reporter: bannedit
source: https://packetstormsecurity.com/files/126385/Adobe-Flash-Player-Type-Confusion-Remote-Code-Execution.html
title: Adobe Flash Player Type Confusion Remote Code Execution

Redhat

advisories
rhsa
id: RHSA-2013:1818
rpms
  • flash-plugin-0:11.2.202.332-1.el5
  • flash-plugin-0:11.2.202.332-1.el6

Seebug

  • bulletinFamily: exploit
    description: BUGTRAQ ID: 64199 CVE(CAN) ID: CVE-2013-5331 Adobe Flash Player is an integrated multimedia player. Adobe AIR is a technology developed to combine web and desktop applications, allowing cloud programs on the network to be controlled without going through a browser. Adobe Flash Player and AIR contain a type confusion error in their implementation; an attacker can exploit this vulnerability to execute arbitrary code in the context of the affected application. Adobe Flash Player <= 11.9.900.152 Adobe Flash Player <= 11.2.202.327 Adobe AIR <= 3.9.0.1210 Vendor patch: Adobe. Adobe has released a security bulletin (APSB13-28) and a corresponding patch for this issue: APSB13-28: Security updates available for Adobe Flash Player Link: http://helpx.adobe.com/security/products/flash-player/apsb13-28.html
    id: SSV:61083
    last seen: 2017-11-19
    modified: 2013-12-11
    published: 2013-12-11
    reporter: Root
    title: Adobe Flash Player and AIR Type Confusion Remote Code Execution Vulnerability (CVE-2013-5331)
  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:86346
    last seen: 2017-11-19
    modified: 2014-07-01
    published: 2014-07-01
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-86346
    title: Adobe Flash Player Type Confusion Remote Code Execution