PT-2013-2493 · Adobe+3 · Flash Player+3

Published

2013-02-27

·

Updated

2024-12-20

·

CVE-2013-0643

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 10.3.183.67 Adobe Flash Player versions 11.x prior to 11.2.202.273 on Linux Adobe Flash Player versions 11.x prior to 11.6.602.171 on Windows and Mac OS X
Description The Firefox sandbox in Adobe Flash Player does not properly restrict privileges, making it easier for remote attackers to execute arbitrary code via crafted SWF content. This issue has been exploited in the wild in February 2013.
Recommendations For Adobe Flash Player versions prior to 10.3.183.67, update to version 10.3.183.67 or later. For Adobe Flash Player versions 11.x prior to 11.2.202.273 on Linux, update to version 11.2.202.273 or later. For Adobe Flash Player versions 11.x prior to 11.6.602.171 on Windows and Mac OS X, update to version 11.6.602.171 or later.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2013-0643
OPENSUSE-SU-2013_0359-1
OPENSUSE-SU-2013_0359-2
OPENSUSE-SU-2013_0360-1
RHSA-2013:0574
RHSA-2013_0574

Affected Products

Flash Player
Firefox
Red Hat
Suse