CVE-2013-0634

EXPLOITED IN THE WILD RANSOMWARE

Adobe Flash Player <10.3.183.51-11.5.502.149 - RCE

Title source: llm

Description

Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/32959

View Code ZIP pw:eip

github NO CODE

by d0now · angelscriptpoc

https://github.com/d0now/flash-cve-exploits/tree/master/cve-2013-0634.as

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Unknown, Boris, Ryutin, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flash_regex_value.rb

View Code ZIP pw:eip

References (5)

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00004.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00006.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00007.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2013-0243.html

[Patch, Vendor Advisory] http://www.adobe.com/support/security/bulletins/apsb13-04.html

Scores

EPSS 0.9034

EPSS Percentile 99.6%

Details

VulnCheck KEV 2013-02-08

InTheWild.io 2018-12-06

Ransomware Use Confirmed

CWE

CWE-119

Status published

Products (1)

adobe/flash_player 10.3 - 10.3.183.51

Published Feb 08, 2013

Tracked Since Feb 18, 2026