Published: 27/02/2013 Updated: 06/12/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

The Firefox sandbox in Adobe Flash Player prior to 10.3.183.67 and 11.x prior to 11.6.602.171 on Windows and Mac OS X, and prior to 10.3.183.67 and 11.x prior to 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote malicious users to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe flash_player

Synopsis Critical: flash-plugin security update Type/Severity Security Advisory: Critical Topic An updated Adobe Flash Player package that fixes three security issues isnow available for Red Hat Enterprise Linux 5 and 6 SupplementaryThe Red Hat Security Response Team has rated this update as having critica ...

Adobe squashes TWO critical Flash vulnerabilities with emergency patches

The Register • Jack Clark in San Francisco • 27 Feb 2013

Two out of three threats are dangerous, being used in wild

Adobe published a critical Flash Player update on Tuesday to fix three exploits, two of which are under active attack by hackers. Two of the three vulnerabilities are being used by nefarious folk, Adobe said, and one of these two explicitly targets the Firefox browser. Adobe introduced the Flash Player sandbox a year ago to protect Firefox users from vulnerabilities in Flash. It appears this is now being targeted for permission escalation attacks. "Adobe is aware of reports that CVE-2013-0643 a...

CVE-2013-0643

Vulnerability Summary

Vendor Advisories

Recent Articles

References

Vulmon Search

About

Products

Connect