← Back

CVE-2013-0643

nvd nist
Published: Feb 27, 2013Modified: Apr 21, 2026CISA KEV

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

Affected (14)

Show all products
Adobe: Flash Player · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Workstation · Opensuse: Opensuse · Suse: Linux Enterprise Desktop
Adobe
1 product
Flash Player
Redhat
5 products
Enterprise Linux Desktop
Enterprise Linux Eus
Enterprise Linux Server
Enterprise Linux Server Aus
Enterprise Linux Workstation
Opensuse
1 product
Opensuse
Suse
1 product
Linux Enterprise Desktop
Configuration A
2 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Adobe
Flash Player
Before 10.3.183.67
Flash Player
From 11.0 to 11.6.602.171
Running on/withPlatform Versions
Apple
Mac Os X
All versions
Microsoft
Windows
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Flash Player
From 11.0 to 11.2.202.273
Running on/withPlatform Versions
Linux
Linux Kernel
All versions
Configuration C
7 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux Desktop
Version 6.0
Redhat
Enterprise Linux Eus
Version 5.9
Enterprise Linux Eus
Version 6.4
Enterprise Linux Server
Version 6.0
Redhat
Enterprise Linux Server Aus
Version 5.9
Enterprise Linux Server Aus
Version 6.4
Enterprise Linux Workstation
Version 6.0
Configuration D
4 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Opensuse
Version 11.4
Opensuse
Version 12.1
Suse
Linux Enterprise Desktop
Version 10 sp4
Linux Enterprise Desktop
Version 11 sp2

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (11)

Source: psirt@adobe.com
Mailing List
Source: psirt@adobe.com
Mailing List
Source: psirt@adobe.com
Mailing List
Source: psirt@adobe.com
Third Party Advisory
Source: psirt@adobe.com
Broken LinkPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkPatchVendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.