⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2013-0634: Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Flash Player

Severity: 9.3 CRITICAL (NVD)
EPSS: 90.3% (top 0.40%)
CISA KEV: Not in KEV
Exploit: Exploited in wild (active exploitation observed)
Timeline: Published Feb 8; latest update May 14

Description

Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (1 package)

NVD adobe/flash_player 10.3 10.3.183.51 +4

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-82c2-48r6-3hq5: Adobe Flash Player before 10 (2022-05-14)
VulnCheck
Adobe Flash Player Improper Restriction of Operations within the Bounds of a Memory Buffer (2013)

💥 Exploits & PoCs (2)

Exploit-DB
Adobe Flash Player - Regular Expression Heap Overflow (Metasploit) (2014-04-21)
Metasploit
Adobe Flash Player Regular Expression Heap Overflow

📋 Vendor Advisories (1)

Red Hat
flash-plugin: multiple code execution flaws (APSB13-04) (2013-02-07)

🕵️ Threat Intelligence (5)

Talos
The never ending Exploit Kit shift - Bleeding Life (2014-06-12)
Talos
The never ending Exploit Kit shift - Bleeding Life (2014-06-12)
Krebs
Critical Flash Player Update Fixes 2 Zero-Days (2013-02-07)
Krebs
Critical Flash Player Update Fixes 2 Zero-Days – Krebs on Security (2013-02-01)
Recorded Future
Tracking Moving Targets: Exploit Kits and CVEs

💬 Community (4)

Bugzilla
pcre: heap buffer overflow with a crafted regular expression (2015-08-06)
Bugzilla
pcre: heap buffer overflow in pcre_compile2() / compile_regex() (2015-06-01)
HackerOne
Adobe Flash Player Out-of-Bound Access Vulnerability (2015-03-25)
Bugzilla
CVE-2013-0633 CVE-2013-0634 flash-plugin: multiple code execution flaws (APSB13-04) (2013-02-08)