CVE-2013-0648
KEV
🔴 Łataj teraz
Nieokreślona podatność w Adobe Flash Player umożliwia zdalne wykonanie kodu przez złośliwe SWF.
CVSS
8.8
EPSS
61.3%
Exploit
weaponized
Vendor
redhat
Opis źródłowy (NVD)
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
brak
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 8.8 |
| CISA KEV (aktywnie wykorzystywane) | Tak |
| FIRST EPSS (prawdopodobieństwo exploita) | 61.3% |
| Opublikowano (NVD) | 2013-02-27 00:55:01 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-21 20:57:26 UTC |
Referencje
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.html (psirt@adobe.com) [Mailing List]
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.html (psirt@adobe.com) [Mailing List]
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.html (psirt@adobe.com) [Mailing List]
- http://rhn.redhat.com/errata/RHSA-2013-0574.html (psirt@adobe.com) [Third Party Advisory]
- http://www.adobe.com/support/security/bulletins/apsb13-08.html (psirt@adobe.com) [Broken Link, Patch, Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0648 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]