CVE-2013-0648

Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

Published: Feb 27, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-0648
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
adobe / flash_player	10.3	10.3.183.67
adobe / flash_player	11.6	11.6.602.171
adobe / flash_player	11.2	11.2.202.273

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.html
http://rhn.redhat.com/errata/RHSA-2013-0574.html
http://www.adobe.com/support/security/bulletins/apsb13-08.html

Vulnerability Database

291,049

CVE-2013-0648