9.3

CVE-2013-5332

Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeFlash Player Version >= 11.0 < 11.7.700.257
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeFlash Player Version >= 11.8 < 11.8.800.175
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeFlash Player Version >= 11.9 < 11.9.900.700
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeFlash Player Version >= 11.0 < 11.2.202.332
   LinuxLinux Kernel Version-
AdobeAir Version < 3.9.0.1380
AdobeAir Sdk Version < 3.9.0.1380
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.43% 0.914
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.