CVE-2013-0648
published 2013-02-27


Priority: P1 · 79 · high · CVSS 3.1 score 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Tags: KEV · ITW
CISA Known Exploited Vulnerability, due 2024-10-08
Exploited in the wild
EPSS: 11.09% (95.4th percentile)
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

Affected

14 ranges

Vendor     Product                     Version range             Fixed in       Note
adobe      flash_player                < 10.3.183.67             10.3.183.67    all platforms
adobe      flash_player                >= 11.0 < 11.6.602.171    11.6.602.171   Windows, Mac OS X
adobe      flash_player                >= 11.0 < 11.2.202.273    11.2.202.273   Linux
opensuse   opensuse                    -                         -
opensuse   opensuse                    -                         -
redhat     enterprise_linux_desktop    -                         -
redhat     enterprise_linux_eus        -                         -
redhat     enterprise_linux_eus        -                         -
redhat     enterprise_linux_server     -                         -
redhat     enterprise_linux_server_aus -                         -
redhat     enterprise_linux_server_aus -                         -
redhat     enterprise_linux_workstation -                        -
suse       linux_enterprise_desktop    -                         -
suse       linux_enterprise_desktop    -                         -

The distribution rows carry no version range in the source; the platform notes on the Adobe rows come from the CVE description above. Note that 10.3.183.67 and later builds of the 10.3 branch are patched even though they are "below" the 11.x fixed builds, so version checks must compare within the same branch.

Detection & IOCs (extracted from sources)

  • The in-the-wild attacks delivered crafted SWF content to Firefox users through a redirect chain; monitor for Firefox processes loading Flash content from unexpected or newly-visited domains.
  • The attack vector is a user clicking a link that redirects to a site serving malicious SWF content; look for redirect chains terminating in .swf downloads or Flash content loads in proxy and network logs.
  • Vulnerable Flash builds to flag in endpoint telemetry: 11.5.502.146 and earlier (Windows/Mac) and 11.2.202.261 and earlier (Linux), plus any 10.3 build before 10.3.183.67. Their presence indicates unpatched exposure to a vulnerability that was actively exploited.
  • Also flag Android Flash builds 11.1.115.36 and earlier (Android 4.x) and 11.1.111.31 and earlier (Android 3.x and 2.x) in mobile device management or endpoint inventory.
  • The vulnerability resides in the ExternalInterface ActionScript functionality. ExternalInterface calls are a triage indicator when inspecting SWF files, but only a weak one: the Flash-to-JavaScript bridge is used by a great deal of legitimate content (video players, trackers, form widgets), so treat its presence as a reason to look closer, not as a classification on its own.
  • Exploitation was confirmed in the wild in February 2013. Patched builds are 10.3.183.67 (all platforms), 11.6.602.171 (Windows/Mac) and 11.2.202.273 (Linux); detections should flag builds below these thresholds within the same branch, i.e. anything below 10.3.183.67, and 11.x below the platform's 11.x fix.
  • Adobe Flash Player is end-of-life: Adobe ended support on December 31, 2020 and its final releases refuse to run Flash content from January 12, 2021. Any detection rules or blocklists built around this CVE should account for the product no longer receiving updates, meaning every remaining Flash installation on a vulnerable build stays vulnerable permanently, and the better finding is usually "Flash is still installed at all".
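The two checks the bullets describe, as an added example that is not part of the tracker's own tooling: a branch-aware version test that flags Flash builds exposed to CVE-2013-0648 from an inventory export, and a proxy-log pass that flags .swf loads arriving right after one or more redirects for the same client. The desktop thresholds are the fixed builds from the CVE description; for Android the page only lists affected builds, so those are treated as "this build or older is exposed". The inventory lines, proxy lines, hostnames and client addresses are constructed sample data; the function names are this example's own.

```python
"""Triage helpers for CVE-2013-0648 (Adobe Flash Player, ExternalInterface).

Added example; thresholds come from the CVE description / advisory, all
sample data below is constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Desktop: anything below 10.3.183.67, or any 11.x build below the
# platform's 11.x fixed build, is vulnerable. 10.3.183.67 <= v < 11.0 is patched.
FIXED_10 = (10, 3, 183, 67)
FIXED_11 = {
    "windows": (11, 6, 602, 171),
    "macos": (11, 6, 602, 171),
    "linux": (11, 2, 202, 273),
}
# Android: the advisory lists affected builds only ("and earlier"), no fix here.
LAST_VULN_ANDROID = {
    "android4": (11, 1, 115, 36),   # Android 4.x
    "android23": (11, 1, 111, 31),  # Android 3.x and 2.x
}

_VER = re.compile(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)")


def parse_version(text):
    """4-tuple from '11.5.502.146' or the ActiveX form 'WIN 11,5,502,146'."""
    m = _VER.search(text)
    if not m:
        raise ValueError(f"no Flash version in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(platform, version_text):
    """True if this Flash build on this platform is exposed to CVE-2013-0648."""
    v = parse_version(version_text)
    if platform in FIXED_11:
        if v < FIXED_10:
            return True                                 # before 10.3.183.67
        return v[0] == 11 and v < FIXED_11[platform]    # 11.x before the fix
    if platform in LAST_VULN_ANDROID:
        return v <= LAST_VULN_ANDROID[platform]
    raise ValueError(f"unknown platform {platform!r}")


# Constructed inventory export: host,platform,reported version string
INVENTORY = """\
ws-101,windows,WIN 11,5,502,146
ws-102,windows,11.6.602.171
ws-103,macos,10.3.183.63
lx-201,linux,11.2.202.261
lx-202,linux,11.2.202.273
ws-104,windows,10.3.183.67
tab-301,android4,11.1.115.36
"""


def flag_inventory(csv_text=INVENTORY):
    """[(host, platform, version)] for hosts still on a vulnerable build."""
    hits = []
    for line in csv_text.splitlines():
        # maxsplit=2: ActiveX version strings themselves contain commas
        host, platform, ver = line.split(",", 2)
        if is_vulnerable(platform, ver):
            hits.append((host, platform, ver))
    return hits


# Constructed proxy log: time client status url
PROXY_LOG = """\
2013-02-08T10:01:02Z 10.0.0.5 302 http://news.example.org/story
2013-02-08T10:01:02Z 10.0.0.5 302 http://ads.example.net/go?id=7
2013-02-08T10:01:03Z 10.0.0.5 200 http://static.example.net/player.swf
2013-02-08T10:05:00Z 10.0.0.9 200 http://video.example.com/app.swf
2013-02-08T10:09:00Z 10.0.0.9 301 http://example.com/
2013-02-08T10:20:00Z 10.0.0.9 200 http://example.com/intro.swf
"""


def swf_after_redirects(log_text=PROXY_LOG, window=timedelta(seconds=5)):
    """Flag .swf loads preceded by one or more 3xx responses for the same
    client within `window`. Proxy logs rarely keep Location headers, so the
    chain is reconstructed by time adjacency, not by following each hop."""
    recent = defaultdict(list)  # client -> [(time, url)] of recent 3xx hits
    findings = []
    for line in log_text.splitlines():
        ts, client, status, url = line.split()
        t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        status = int(status)
        recent[client] = [(tt, u) for tt, u in recent[client] if t - tt <= window]
        if 300 <= status < 400:
            recent[client].append((t, url))
        elif status == 200 and url.lower().endswith(".swf") and recent[client]:
            findings.append((client, [u for _, u in recent[client]] + [url]))
    return findings


if __name__ == "__main__":
    for host, platform, ver in flag_inventory():
        print(f"{host}: {platform} {ver} vulnerable")
    for client, chain in swf_after_redirects():
        print(f"{client}: " + " -> ".join(chain))
```

Two things worth keeping when adapting this to real telemetry: compare within the version branch (a host on 10.3.183.67 is patched even though it sorts below every 11.x build), and parse the comma-separated ActiveX version form before feeding it to any CSV or SIEM lookup, or the field will split in the wrong place.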

CVSS provenance

Source         Version   Score   Severity   Vector
nvd            v3.1      8.8     HIGH       CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd            v2.0      9.3     CRITICAL   AV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck      -         8.8     HIGH       -
cisa           -         8.8     HIGH       -
vendor_redhat  -         8.8     HIGH       -