CVE-2013-0648

HIGH KEV

Adobe Flash Player <11.6.602.171 - RCE

Title source: llm

Exploitation Summary

CVE-2013-0648 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 17, 2024.

Description

Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

References (6)

Core References
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0574.html
Broken Link, Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb13-08.html

Scores

CVSS v3 8.8
EPSS 0.5546
EPSS Percentile 98.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2024-09-17
VulnCheck KEV 2013-02-27
InTheWild.io 2018-12-06
ENISA EUVD EUVD-2013-0659
Status published
Products (12)
adobe/flash_player < 10.3.183.67
opensuse/opensuse 11.4
opensuse/opensuse 12.1
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_eus 5.9
redhat/enterprise_linux_eus 6.4
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_server_aus 5.9
redhat/enterprise_linux_server_aus 6.4
redhat/enterprise_linux_workstation 6.0
... and 2 more
Published Feb 27, 2013
KEV Added Sep 17, 2024
Tracked Since Feb 18, 2026