CVE-2013-0634

Published: 08/02/2013 | Updated: 06/12/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Adobe Flash Player prior to 10.3.183.51 and 11.x prior to 11.5.502.149 on Windows and Mac OS X, prior to 10.3.183.51 and 11.x prior to 11.2.202.262 on Linux, prior to 11.1.111.32 on Android 2.x and 3.x, and prior to 11.1.115.37 on Android 4.x allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013.

Vulnerable Product

adobe flash_player

Vendor Advisories

Synopsis: Critical: flash-plugin security update. Type/Severity: Security Advisory: Critical. Topic: An updated Adobe Flash Player package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having criticals ...

Exploits

    ##
    # This module requires Metasploit: http://metasploit.com/download
    # Current source: github.com/rapid7/metasploit-framework
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = NormalRanking

      include Msf::Exploit::Remote::BrowserExploitServer

      def initialize(info={})
        super(update_info(info,
          'Name' ...

This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.5.502.149. By supplying a specially crafted SWF file with a special regex value, it is possible to trigger a memory corruption, which results in remote code execution under the context of the user, as exploited in the wild in February 2013 ...

Recent Articles

IT Threat Evolution: Q2 2013
Securelist • Christian Funk Denis Maslennikov • 15 Aug 2013

In early June, Kaspersky Lab announced a discovery that opened a whole new chapter in the field of cyber-espionage. Named NetTraveler, this is a family of malicious programs used by APT actors to successfully compromise more than 350 high-profile victims in 40 countries. The NetTraveler group infected victims across both the public and private sector including government institutions, embassies, the oil and gas industry, research centers, military contractors and activists. The threat, which has b...

Winnti-Stolen Digital Certificates Re-Used in Current Watering Hole Attacks on Tibetan and Uyghur Groups
Securelist • Kurt Baumgartner • 12 Apr 2013

A new-ish Flash exploit has been on the loose for attacks around the web. This time, the attackers have compromised a caregiver site providing support for Tibetan refugee children and are spreading backdoors signed with Winnti stolen certificates delivered with Flash exploits – the compromised web site is the NGO “Tibetan Homes Foundation”. Previously, FireEye identified similar “Lady Boyle” related malicious swf exploiting CVE-2013-0634. A notification has been sent to the contacts of...

Adobe muzzles TWO zero-day wild things with emergency Flash patches
The Register • John Leyden • 08 Feb 2013

Critical block for active Win and Mac attacks

Updated Adobe published a critical Flash Player update on Thursday that fixes not just one but two zero-day flaws, both under active attack by hackers. Both Windows and Mac users are in the firing line. One of the vulnerabilities (CVE-2013-0633) is being harnessed in targeted attacks designed to trick marks into opening a Microsoft Word document email attachment that contains malicious Flash (SWF) content. The exploit targets the ActiveX version of Flash Player on Windows. The second vulnerabili...