CVE-2013-0648

Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
Severity
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
adobeflash_player
𝑥
< 10.3.183.67
adobeflash_player
11.0 ≤
𝑥
< 11.6.602.171
adobeflash_player
11.0 ≤
𝑥
< 11.2.202.273
opensuseopensuse
11.4
opensuseopensuse
12.1
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_eus
5.9
redhatenterprise_linux_eus
6.4
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server_aus
5.9
redhatenterprise_linux_server_aus
6.4
redhatenterprise_linux_workstation
6.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
adobe-flashplugin
quantal
Fixed 11.2.202.273-0quantal1
released
precise
Fixed 11.2.202.273-0precise1
released
oneiric
Fixed 11.2.202.273-0oneiric1
released
lucid
Fixed 11.2.202.273-0lucid1
released
hardy
ignored
flashplugin-nonfree
quantal
Fixed 11.2.202.273ubuntu0.12.10.1
released
precise
Fixed 11.2.202.273ubuntu0.12.04.1
released
oneiric
Fixed 11.2.202.273ubuntu0.11.10.1
released
lucid
Fixed 11.2.202.273ubuntu0.10.04.1
released
hardy
ignored