CVE-2013-0643

The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*

History

19 Sep 2024, 19:48

Type Values Removed Values Added
CPE cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
References () http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.html - Mailing List
References () http://www.adobe.com/support/security/bulletins/apsb13-08.html - Patch, Vendor Advisory () http://www.adobe.com/support/security/bulletins/apsb13-08.html - Broken Link, Patch, Vendor Advisory
First Time Suse
Opensuse opensuse
Redhat
Opensuse
Redhat enterprise Linux Workstation
Suse linux Enterprise Desktop
Redhat enterprise Linux Server
Redhat enterprise Linux Eus
Redhat enterprise Linux Desktop
Redhat enterprise Linux Server Aus
CWE CWE-264 NVD-CWE-noinfo

18 Sep 2024, 19:35

Type Values Removed Values Added
CWE CWE-269
CVSS v2 : 9.3
v3 : unknown
v2 : 9.3
v3 : 8.8

Information

Published : 2013-02-27 00:55

Updated : 2024-09-19 19:48


NVD link : CVE-2013-0643

Mitre link : CVE-2013-0643

CVE.ORG link : CVE-2013-0643


JSON object : View

Products Affected

microsoft

  • windows

opensuse

  • opensuse

adobe

  • flash_player

redhat

  • enterprise_linux_server_aus
  • enterprise_linux_workstation
  • enterprise_linux_server
  • enterprise_linux_eus
  • enterprise_linux_desktop

linux

  • linux_kernel

apple

  • mac_os_x

suse

  • linux_enterprise_desktop
CWE
NVD-CWE-noinfo CWE-269

Improper Privilege Management