CVE-2013-0643

The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*

History

19 Sep 2024, 19:48

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.html - Mailing List
References () http://www.adobe.com/support/security/bulletins/apsb13-08.html - Patch, Vendor Advisory () http://www.adobe.com/support/security/bulletins/apsb13-08.html - Broken Link, Patch, Vendor Advisory
CPE cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*
CWE CWE-264 NVD-CWE-noinfo
First Time Redhat enterprise Linux Eus
Redhat enterprise Linux Server
Redhat enterprise Linux Workstation
Redhat enterprise Linux Desktop
Suse linux Enterprise Desktop
Redhat enterprise Linux Server Aus
Redhat
Opensuse opensuse
Suse
Opensuse

18 Sep 2024, 19:35

Type Values Removed Values Added
CVSS v2 : 9.3
v3 : unknown
v2 : 9.3
v3 : 8.8
CWE CWE-269

Information

Published : 2013-02-27 00:55

Updated : 2024-09-19 19:48


NVD link : CVE-2013-0643

Mitre link : CVE-2013-0643

CVE.ORG link : CVE-2013-0643


JSON object : View

Products Affected

apple

  • mac_os_x

redhat

  • enterprise_linux_server
  • enterprise_linux_desktop
  • enterprise_linux_server_aus
  • enterprise_linux_eus
  • enterprise_linux_workstation

opensuse

  • opensuse

suse

  • linux_enterprise_desktop

linux

  • linux_kernel

adobe

  • flash_player

microsoft

  • windows
CWE
NVD-CWE-noinfo CWE-269

Improper Privilege Management