CVE-2013-5329Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe AIR

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents6 sources
Severity
10.0CRITICALNVD
EPSS
11.5%
top 6.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Adobe AIRAdobe AIR SDKAdobe Flash Player
Timeline
PublishedNov 13
Latest updateMay 14

Description

Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5330.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

NVDadobe/flash_player11.011.7.700.252+3
NVDadobe/air< 3.9.0.1210
NVDadobe/air_sdk< 3.9.0.1210

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

5
GHSA
GHSA-jj82-mwc3-9h8h: Adobe Flash Player before 112022-05-14
GHSA
GHSA-j473-h6vv-fh38: Adobe Flash Player before 112022-05-14
CVEList
CVE-2013-5330: Adobe Flash Player before 112013-11-13
CVEList
CVE-2013-5329: Adobe Flash Player before 112013-11-13
VulnCheck
Adobe Flash Player Improper Restriction of Operations within the Bounds of a Memory Buffer2013

📋Vendor Advisories

2
Red Hat
flash-plugin: multiple code execution flaws (APSB13-26)2013-11-12
Red Hat
flash-plugin: multiple code execution flaws (APSB13-26)2013-11-12

💬Community

1
Bugzilla
CVE-2013-5329 CVE-2013-5330 flash-plugin: multiple code execution flaws (APSB13-26)2013-11-12
CVE-2013-5329 — Adobe AIR vulnerability | cvebase