Vulnerability Details : CVE-2013-0643
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2013-0643
Probability of exploitation activity in the next 30 days: 3.49%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-0643
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2013-0643
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0643
-
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.html
[security-announce] openSUSE-SU-2013:0360-1: critical: flash-player to 1Mailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.html
[security-announce] openSUSE-SU-2013:0359-1: critical: flash-player to 1Mailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.html
[security-announce] SUSE-SU-2013:0373-1: critical: Security update for fMailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2013-0574.html
RHSA-2013:0574 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.adobe.com/support/security/bulletins/apsb13-08.html
Adobe – Security Bulletins: APSB13-08 – Security updates available for Adobe Flash PlayerPatch;Vendor Advisory
Products affected by CVE-2013-0643
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*