CVE-2013-0643
KEV
🔴 Łataj teraz
Błąd w sandboxie Adobe Flash Player umożliwia zdalne wykonanie kodu przez złośliwe SWF.
CVSS
8.8
EPSS
64.2%
Exploit
weaponized
Vendor
redhat
Opis źródłowy (NVD)
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
brak
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 8.8 |
| CISA KEV (aktywnie wykorzystywane) | Tak |
| FIRST EPSS (prawdopodobieństwo exploita) | 64.2% |
| Opublikowano (NVD) | 2013-02-27 00:55:01 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-21 20:57:32 UTC |
Referencje
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.html (psirt@adobe.com) [Mailing List]
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.html (psirt@adobe.com) [Mailing List]
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.html (psirt@adobe.com) [Mailing List]
- http://rhn.redhat.com/errata/RHSA-2013-0574.html (psirt@adobe.com) [Third Party Advisory]
- http://www.adobe.com/support/security/bulletins/apsb13-08.html (psirt@adobe.com) [Broken Link, Patch, Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0643 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]