CVE-2013-0648
CVE-2013-0648
In short
Adobe Flash Player had a flaw in its ExternalInterface feature that let attackers run malicious code by tricking users into opening specially crafted Flash files. This was actively exploited by hackers in early 2013.
Technical detail
Unspecified vulnerability in ExternalInterface ActionScript functionality allowed remote code execution via malicious SWF files. Attack vector requires user interaction (opening crafted content); impact is arbitrary code execution in the context of the Flash Player process. Affected versions: Flash Player <10.3.183.67, 11.x <11.6.602.171 (Windows/Mac), 11.x <11.2.202.273 (Linux).
Summary generated and translated by AI from the official description.
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0574.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0648http://www.adobe.com/support/security/bulletins/apsb13-08.html