⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2013-0633Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Flash Player

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources
Severity
9.3CRITICALNVD
EPSS
58.9%
top 1.77%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Adobe Flash Player
Timeline
PublishedFeb 8
Latest updateMay 14

Description

Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDadobe/flash_player10.310.3.183.51+4

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-rx9m-v5wf-75h4: Buffer overflow in Adobe Flash Player before 102022-05-14
VulnCheck
Adobe Flash Player Improper Restriction of Operations within the Bounds of a Memory Buffer2013

💥Exploits & PoCs

1
Exploit-DB
Adobe Flash Player - Regular Expression Heap Overflow (Metasploit)2014-04-21

📋Vendor Advisories

1
Red Hat
flash-plugin: multiple code execution flaws (APSB13-04)2013-02-07

🕵️Threat Intelligence

2
Krebs
Critical Flash Player Update Fixes 2 Zero-Days2013-02-07
Krebs
Critical Flash Player Update Fixes 2 Zero-Days – Krebs on Security2013-02-01

💬Community

1
Bugzilla
CVE-2013-0633 CVE-2013-0634 flash-plugin: multiple code execution flaws (APSB13-04)2013-02-08