CVE-2013-0633

EXPLOITED IN THE WILD

Adobe Flash Player <10.3.183.51-11.5.502.149 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2013-0633 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit.

AI-analyzed exploit summary This Metasploit module exploits a heap overflow vulnerability in Adobe Flash Player's ActiveX component by delivering a crafted SWF file with a malicious regex value, leading to remote code execution. It leverages predictable SharedUserData to bypass ASLR and has been tested on Windows XP SP3 and Windows 7 SP1.

Description

Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

Exploits (1)

exploitdb WORKING POC
rubyremotewindows
https://www.exploit-db.com/exploits/32959

This Metasploit module exploits a heap overflow vulnerability in Adobe Flash Player's ActiveX component by delivering a crafted SWF file with a malicious regex value, leading to remote code execution. It leverages predictable SharedUserData to bypass ASLR and has been tested on Windows XP SP3 and Windows 7 SP1.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Flash Player before 11.5.502.149
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Adobe Flash Player ActiveX component must be installed and vulnerable
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb13-04.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0243.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00004.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00007.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00006.html

Scores

EPSS 0.5893
EPSS Percentile 98.3%

Details

VulnCheck KEV 2013-02-08
InTheWild.io 2018-12-06
CWE
CWE-119
Status published
Products (1)
adobe/flash_player 10.3 - 10.3.183.51
Published Feb 08, 2013
Tracked Since Feb 18, 2026