⚠ Actively exploited
Added to CISA KEV on 2024-09-17. Federal agencies required to patch by 2024-10-08. Required action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product..
CVE-2013-0648 — Adobe Flash Player vulnerability
10 documents8 sources
Severity
8.8HIGHNVD
EPSS
54.7%
top 1.96%
CISA KEV
KEV
Added 2024-09-17
Due 2024-10-08
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedFeb 27
KEV addedSep 17
KEV dueOct 8
CISA Required Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Description
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages6 packages
Also affects: Enterprise Linux 5.9, 6.4