CVE-2013-0648

HIGH KEV

Adobe Flash Player <11.6.602.171 - RCE

Title source: llm

Description

Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

References (6)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2013-0574.html

[Broken Link, Patch, Vendor Advisory] http://www.adobe.com/support/security/bulletins/apsb13-08.html

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0648

Scores

CVSS v3 8.8

EPSS 0.6128

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2024-09-17

VulnCheck KEV 2013-02-27

InTheWild.io 2018-12-06

ENISA EUVD EUVD-2013-0659

Status published

Products (12)

adobe/flash_player < 10.3.183.67

opensuse/opensuse 11.4

opensuse/opensuse 12.1

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_eus 5.9

redhat/enterprise_linux_eus 6.4

redhat/enterprise_linux_server 6.0

redhat/enterprise_linux_server_aus 5.9

redhat/enterprise_linux_server_aus 6.4

redhat/enterprise_linux_workstation 6.0

... and 2 more

Published Feb 27, 2013

KEV Added Sep 17, 2024

Tracked Since Feb 18, 2026