CVE-2013-0634

EXPLOITED IN THE WILD RANSOMWARE

Adobe Flash Player <10.3.183.51-11.5.502.149 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2013-0634 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io), including in ransomware campaigns. EIP tracks 3 public exploits from researchers including Metasploit, d0now, Unknown, Boris, Ryutin, juan vazquez, including a Metasploit module exploits/windows/browser/adobe_flash_regex_value.

AI-analyzed exploit summary This Metasploit module exploits a heap overflow vulnerability in Adobe Flash Player's ActiveX component via a crafted SWF file with a malicious regex, leading to remote code execution. It leverages predictable SharedUserData to bypass ASLR and has been tested on Windows XP/7 with Flash Player versions before 11.5.502.149.

Description

Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/32959

This Metasploit module exploits a heap overflow vulnerability in Adobe Flash Player's ActiveX component via a crafted SWF file with a malicious regex, leading to remote code execution. It leverages predictable SharedUserData to bypass ASLR and has been tested on Windows XP/7 with Flash Player versions before 11.5.502.149.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Flash Player < 11.5.502.149
No auth needed
Prerequisites: Target must visit a malicious webpage hosting the exploit · Adobe Flash Player ActiveX component must be installed and vulnerable
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Unknown, Boris, Ryutin, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flash_regex_value.rb

This Metasploit module exploits a heap overflow vulnerability in Adobe Flash Player's ActiveX component by delivering a crafted SWF file with a malicious regex value, leading to remote code execution. It leverages predictable SharedUserData to bypass ASLR and has been tested on Windows XP SP3 and Windows 7 SP1.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Flash Player before 11.5.502.149
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Adobe Flash Player ActiveX component must be enabled in the browser
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb13-04.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0243.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00004.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00007.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00006.html

Scores

EPSS 0.9034
EPSS Percentile 99.6%

Details

VulnCheck KEV 2013-02-08
InTheWild.io 2018-12-06
Ransomware Use Confirmed
CWE
CWE-119
Status published
Products (1)
adobe/flash_player 10.3 - 10.3.183.51
Published Feb 08, 2013
Tracked Since Feb 18, 2026