CVE-2013-0643

EUVD-2013-0654
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
adobeflash_player
𝑥
< 10.3.183.67
adobeflash_player
11.0 ≤
𝑥
< 11.6.602.171
adobeflash_player
11.0 ≤
𝑥
< 11.2.202.273
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_eus
5.9
redhatenterprise_linux_eus
6.4
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server_aus
5.9
redhatenterprise_linux_server_aus
6.4
redhatenterprise_linux_workstation
6.0
opensuseopensuse
11.4
opensuseopensuse
12.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
adobe-flashplugin
hardy
ignored
lucid
Fixed 11.2.202.273-0lucid1
released
oneiric
Fixed 11.2.202.273-0oneiric1
released
precise
Fixed 11.2.202.273-0precise1
released
quantal
Fixed 11.2.202.273-0quantal1
released
flashplugin-nonfree
hardy
ignored
lucid
Fixed 11.2.202.273ubuntu0.10.04.1
released
oneiric
Fixed 11.2.202.273ubuntu0.11.10.1
released
precise
Fixed 11.2.202.273ubuntu0.12.04.1
released
quantal
Fixed 11.2.202.273ubuntu0.12.10.1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.html
http://rhn.redhat.com/errata/RHSA-2013-0574.html
http://www.adobe.com/support/security/bulletins/apsb13-08.html
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.html
http://rhn.redhat.com/errata/RHSA-2013-0574.html
http://www.adobe.com/support/security/bulletins/apsb13-08.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0643