Vulnerability Details : CVE-2013-0648
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
Vulnerability category: Execute code
Products affected by CVE-2013-0648
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
CVE-2013-0648 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Adobe Flash Player Code Execution Vulnerability
CISA required action:
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
CISA description:
Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content.
Notes:
https://www.adobe.com/products/flashplayer/end-of-life-alternative.html#eol-alternative-faq ; https://nvd.nist.gov/vuln/detail/CVE-2013-0648
Added on
2024-09-17
Action due date
2024-10-08
Exploit prediction scoring system (EPSS) score for CVE-2013-0648
36.93%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-0648
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST | |
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-09-18 |
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST | 2024-09-19 |
References for CVE-2013-0648
-
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.html
[security-announce] openSUSE-SU-2013:0360-1: critical: flash-player to 1Mailing List
-
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.html
[security-announce] openSUSE-SU-2013:0359-1: critical: flash-player to 1Mailing List
-
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.html
[security-announce] SUSE-SU-2013:0373-1: critical: Security update for fMailing List
-
http://rhn.redhat.com/errata/RHSA-2013-0574.html
RHSA-2013:0574 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.adobe.com/support/security/bulletins/apsb13-08.html
Adobe – Security Bulletins: APSB13-08 – Security updates available for Adobe Flash PlayerBroken Link;Patch;Vendor Advisory
Jump to