CVE-2013-0643
published 2013-02-27CVE-2013-0643: The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before…
PriorityP178high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2024-10-08
Exploited in the wild
EPSS
10.53%
95.2th percentile
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | flash_player | < 10.3.183.67 | 10.3.183.67 |
| adobe | flash_player | >= 11.0 < 11.6.602.171 | 11.6.602.171 |
| adobe | flash_player | >= 11.0 < 11.2.202.273 | 11.2.202.273 |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_workstation | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_desktop | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2013-0643 exploits specifically target Firefox users via the Flash Player Firefox sandbox; monitor for Firefox processes spawning unexpected child processes after loading SWF content. ↗
- →Attack vector is a redirect chain: user clicks a link which redirects to a site serving malicious Flash content. Monitor for redirect chains leading to SWF file delivery in Firefox. ↗
- →Exploitation was confirmed in the wild in February 2013; treat any Flash Player version below 10.3.183.67 or 11.x below 11.6.602.171 (Win/Mac) / 11.2.202.273 (Linux) as an active risk indicator. ↗
- ·The vulnerability is in the Firefox sandbox specifically; Flash in other browsers (IE, Chrome) uses a different sandbox and is not the targeted attack surface for this CVE. ↗
- ·Windows users running non-IE browsers must patch Flash twice — once for IE and once for the alternative browser — as the two installations are separate. ↗
- ·Adobe Flash Player is end-of-life; CISA recommends discontinuing use entirely rather than patching. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck8.8HIGH
cisa8.8HIGH
vendor_redhat8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rv96-qgg3-4gv7: The Firefox sandbox in Adobe Flash Player before 10
ghsa_unreviewed·2022-05-14
CVE-2013-0643 [HIGH] CWE-269 GHSA-rv96-qgg3-4gv7: The Firefox sandbox in Adobe Flash Player before 10
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
VulnCheck
Adobe Flash Player Incorrect Default Permissions Vulnerability
vulncheck·2013·CVSS 8.8
CVE-2013-0643 [HIGH] CWE-264 Adobe Flash Player Incorrect Default Permissions Vulnerability
Adobe Flash Player Incorrect Default Permissions Vulnerability
Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.
Affected: Adobe Flash Player
Required Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Exploitation References: https://cisa.gov/news-events/alerts/2013/02/27/security-updates-available-adobe-flash-player; https://www.cve.org/CVERecord?id=CVE-2013-0643; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2024-10-08
CISA
Adobe Flash Player Incorrect Default Permissions Vulnerability
cisa·2024-09-17·CVSS 8.8
CVE-2013-0643 [HIGH] CWE-264 Adobe Flash Player Incorrect Default Permissions Vulnerability
Vulnerability: Adobe Flash Player Incorrect Default Permissions Vulnerability
Affected: Adobe Flash Player
Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.
Required Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Notes: https://www.adobe.com/products/flashplayer/end-of-life-alternative.html#eol-alternative-faq ; https://nvd.nist.gov/vuln/detail/CVE-2013-0643
Remediation Due Date: 2024-10-08
Red Hat
flash-plugin: Firefox sandbox permissions issue (APSB13-08)
vendor_redhat·2013-02-26·CVSS 8.8
CVE-2013-0643 [HIGH] flash-plugin: Firefox sandbox permissions issue (APSB13-08)
flash-plugin: Firefox sandbox permissions issue (APSB13-08)
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
No detection rules found.
No public exploits indexed.
Krebs
Flash Player Update Fixes Zero-Day Flaws
blogs_krebs·2013-02-27·CVSS 8.8
CVE-2013-0643 [HIGH] Flash Player Update Fixes Zero-Day Flaws
Adobe has released an emergency update for its Flash Player software that fixes three critical vulnerabilities, two of which the company warns are actively being exploited to compromise systems.
In an advisory, Adobe said two of the bugs quashed in this update (CVE-2013-0643 and CVE-2013-0648) are being used by attackers to target Firefox users. The company noted that the attacks are designed to trick users into clicking a link which redirects to a Web site serving malicious Flash content.
Readers can be forgiven for feeling patch fatigue with Flash: This is the third security update that Adobe has shipped for Flash in the last month. On Feb. 12, Adobe released a patch to plug at least 17 security holes in Flash. On Feb. 7, Adobe rushed out an update to fix two other flaws that attackers
Krebs
Flash Player Update Fixes Zero-Day Flaws – Krebs on Security
blogs_krebs·2013-02-01·CVSS 8.8
CVE-2013-0643 [HIGH] Flash Player Update Fixes Zero-Day Flaws – Krebs on Security
Adobe has released an emergency update for its Flash Player software that fixes three critical vulnerabilities, two of which the company warns are actively being exploited to compromise systems.
In an advisory , Adobe said two of the bugs quashed in this update ( CVE-2013-0643 and CVE-2013-0648 ) are being used by attackers to target Firefox users. The company noted that the attacks are designed to trick users into clicking a link which redirects to a Web site serving malicious Flash content.
Readers can be forgiven for feeling patch fatigue with Flash: This is the third security update that Adobe has shipped for Flash in the last month . On Feb. 12, Adobe released a patch to plug at least 17 security holes in Flash. On Feb. 7, Adobe rushed out an update to fix two other flaws that attac
Bugzilla
CVE-2013-0643 flash-plugin: Firefox sandbox permissions issue (APSB13-08)
bugzilla·2013-02-26·CVSS 8.8
CVE-2013-0643 [HIGH] CVE-2013-0643 flash-plugin: Firefox sandbox permissions issue (APSB13-08)
CVE-2013-0643 flash-plugin: Firefox sandbox permissions issue (APSB13-08)
Adobe security bulletin APSB13-08 describes a permissions issue with the Adobe Flash Player Firefox sandbox:
This update resolves a permissions issue with the Flash Player Firefox sandbox (CVE-2013-0643).
External References:
http://www.adobe.com/support/security/bulletins/apsb13-08.html
Discussion:
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2013:0574 https://rhn.redhat.com/errata/RHSA-2013-0574.html
Bugzilla
Blocklist/Click-to-Play Adobe Flash Player 11.5.502.146 (Mac, Windows), 11.2.202.261 (Linux)
bugzilla·2013-02-08·CVSS 8.8
[HIGH] Blocklist/Click-to-Play Adobe Flash Player 11.5.502.146 (Mac, Windows), 11.2.202.261 (Linux)
Blocklist/Click-to-Play Adobe Flash Player 11.5.502.146 (Mac, Windows), 11.2.202.261 (Linux)
There is a new Adobe Flash update out there, so I suppose we might want to blocklist the old version.
According to the bug report some interesting reporters appear, which alludes that this vulnerability has already been exploited in the wild for high-profile attacks (see news article linked in URL field).
Request:
Block these versions of Adobe Flash Player:
11.5.502.146 (Mac, Windows)
11.2.202.261 (Linux)
and in case we have this feature in fennec, please include:
11.1.115.36 (Android 4.x)
11.1.111.31 (Android 3.x and 2.x.)
Discussion:
If anything, we'd need to also block all older versions than those, as those are also vulnerable. That said, I think we are not yet ready for wide-ranged block
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0574.htmlhttp://www.adobe.com/support/security/bulletins/apsb13-08.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0574.htmlhttp://www.adobe.com/support/security/bulletins/apsb13-08.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0643
2013-02-27
Published
2024-09-17
Added to CISA KEV
Exploited in the wild