CVE-2013-0643
published 2013-02-27


Priority: P1 · 78 · high · CVSS 3.1 score 8.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Tags: KEV · ITW
CISA Known Exploited Vulnerability (due 2024-10-08)
Exploited in the wild
EPSS: 10.53% (95.2nd percentile)
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

Affected (14 ranges)

Vendor    Product                        Version range              Fixed in
adobe     flash_player                   < 10.3.183.67              10.3.183.67
adobe     flash_player                   >= 11.0, < 11.6.602.171    11.6.602.171
adobe     flash_player                   >= 11.0, < 11.2.202.273    11.2.202.273
opensuse  opensuse
opensuse  opensuse
redhat    enterprise_linux_desktop
redhat    enterprise_linux_eus
redhat    enterprise_linux_eus
redhat    enterprise_linux_server
redhat    enterprise_linux_server_aus
redhat    enterprise_linux_server_aus
redhat    enterprise_linux_workstation
suse      linux_enterprise_desktop
suse      linux_enterprise_desktop

Detection & IOCs (extracted from sources)

  • version: Adobe Flash Player 11.5.502.146 (Mac, Windows) - vulnerable
  • version: Adobe Flash Player 11.1.115.36 (Android 4.x) - vulnerable
  • version: Adobe Flash Player 11.1.111.31 (Android 3.x and 2.x) - vulnerable
  • CVE-2013-0643 exploits specifically target Firefox users via the Flash Player Firefox sandbox; monitor for Firefox processes spawning unexpected child processes after loading SWF content.
  • Attack vector is a redirect chain: user clicks a link which redirects to a site serving malicious Flash content. Monitor for redirect chains leading to SWF file delivery in Firefox.
  • Exploitation was confirmed in the wild in February 2013; treat any Flash Player version below 10.3.183.67 or 11.x below 11.6.602.171 (Win/Mac) / 11.2.202.273 (Linux) as an active risk indicator.
  • The vulnerability is in the Firefox sandbox specifically; Flash in other browsers (IE, Chrome) uses a different sandbox and is not the targeted attack surface for this CVE.
  • Windows users running non-IE browsers must patch Flash twice, once for IE and once for the alternative browser, as the two installations are separate.
  • Adobe Flash Player is end-of-life; CISA recommends discontinuing use entirely rather than patching.

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     8.8    HIGH      CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd            v2.0     9.3    CRITICAL  AV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck               8.8    HIGH
cisa                    8.8    HIGH
vendor_redhat           8.8    HIGH