CVE-2013-0633

Published: 08/02/2013 Updated: 06/12/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Buffer overflow in Adobe Flash Player prior to 10.3.183.51 and 11.x prior to 11.5.502.149 on Windows and Mac OS X, prior to 10.3.183.51 and 11.x prior to 11.2.202.262 on Linux, prior to 11.1.111.32 on Android 2.x and 3.x, and prior to 11.1.115.37 on Android 4.x allows remote malicious users to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

Vulnerable Product

adobe flash_player

Vendor Advisories

Synopsis: Critical: flash-plugin security update
Type/Severity: Security Advisory: Critical
Topic: An updated Adobe Flash Player package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical s ...

Exploits

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::BrowserExploitServer

  def initialize(info={})
    super(update_info(info,
      'Name' ...

Recent Articles

The mysterious case of CVE-2016-0034: the hunt for a Microsoft Silverlight 0-day
Securelist • Costin Raiu, Anton Ivanov • 13 Jan 2016

Perhaps one of the most explosively discussed subjects of 2015 was the compromise and data dump of Hacking Team, the infamous Italian spyware company. For those who are not familiar with the subject, Hacking Team was founded in 2003 and specialized in selling spyware and surveillance tools to governments and law enforcement agencies. On July 5, 2015, a large amount of data from the company was leaked to the Internet with a hacker known as “Phineas Fisher” claiming responsibility for the brea...

Spyware. HackingTeam
Securelist • Sergey Golovanov • 23 Apr 2013

This article is based on technical data from Kaspersky Lab experts and their analysis of the Korablin and Morcut malicious programs. A number of conclusions have been drawn by Kaspersky Lab experts based on open source data references in the conclusion of this publication. Any questions regarding the contents of this article can be posted on Kaspersky Lab’s securelist.com website, or you can contact Kaspersky Lab’s PR Service directly via Kaspersky.com. According to Wikipedia, “Spyware is...

Adobe Flash Player 0-day and HackingTeam’s Remote Control System
Securelist • Sergey Golovanov • 12 Feb 2013

Last week, Adobe released a patch for a vulnerability in Flash Player that was being exploited in targeted attacks. Before reading any further, we recommend you to take a moment to make sure you apply this patch. Adobe offers this nifty tool to check that you have the latest version of Flash Player. If you are running Google Chrome, make sure you have version -24.0.1312.57 m- or later. Now back to CVE-2013-0633, the critical vulnerability that was discovered and reported to Adobe by Kaspersky Lab r...

Adobe muzzles TWO zero-day wild things with emergency Flash patches
The Register • John Leyden • 08 Feb 2013

Critical block for active Win and Mac attacks

Updated Adobe published a critical Flash Player update on Thursday that fixes not just one but two zero-day flaws, both under active attack by hackers. Both Windows and Mac users are in the firing line. One of the vulnerabilities (CVE-2013-0633) is being harnessed in targeted attacks designed to trick marks into opening a Microsoft Word document email attachment that contains malicious Flash (SWF) content. The exploit targets the ActiveX version of Flash Player on Windows. The second vulnerabili...