CVE-2013-0643

HIGH KEV

Adobe Flash Player <10.3.183.67-11.6.602.171 - RCE

Title source: llm

Description

The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

References (6)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2013-0574.html

[Broken Link, Patch, Vendor Advisory] http://www.adobe.com/support/security/bulletins/apsb13-08.html

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0643

Scores

CVSS v3 8.8

EPSS 0.6420

EPSS Percentile 98.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2024-09-17

VulnCheck KEV 2013-02-27

InTheWild.io 2018-12-06

ENISA EUVD EUVD-2013-0654

CWE

CWE-269

Status published

Products (12)

adobe/flash_player < 10.3.183.67

opensuse/opensuse 11.4

opensuse/opensuse 12.1

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_eus 5.9

redhat/enterprise_linux_eus 6.4

redhat/enterprise_linux_server 6.0

redhat/enterprise_linux_server_aus 5.9

redhat/enterprise_linux_server_aus 6.4

redhat/enterprise_linux_workstation 6.0

... and 2 more

Published Feb 27, 2013

KEV Added Sep 17, 2024

Tracked Since Feb 18, 2026