9.3

CVE-2013-0643

Warning

The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

Data is provided by the National Vulnerability Database (NVD)
AdobeFlash Player Version < 10.3.183.67
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeFlash Player Version >= 11.0 < 11.6.602.171
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeFlash Player Version >= 11.0 < 11.2.202.273
   LinuxLinux Kernel Version-
RedhatEnterprise Linux Eus Version5.9
RedhatEnterprise Linux Eus Version6.4
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.1
SuseLinux Enterprise Desktop Version10 Updatesp4 SwEdition-
SuseLinux Enterprise Desktop Version11 Updatesp2

17.09.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe Flash Player Incorrect Default Permissions Vulnerability

Vulnerability

Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.

Description

The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 36.3% 0.967
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.