CVE-2013-0643

CVSS 8.8 HIGH · EPSS 10.5% · KEV · CWE-269
In short

Adobe Flash Player had a sandbox security flaw that allowed attackers to execute malicious code by tricking users into opening specially crafted Flash files. The sandbox, which is supposed to limit what Flash can do, wasn't working properly.

Technical detail

The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 (Windows and Mac OS X), and before 10.3.183.67 and 11.x before 11.2.202.273 (Linux), failed to properly enforce privilege restrictions, which made it easier for remote attackers to execute arbitrary code through malicious SWF content. The underlying weakness is improper isolation of untrusted Flash content. The vulnerability was actively exploited in the wild in February 2013.

Summary generated and translated by AI from the official description.
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
