CVE-2013-0648

CVE Database · CVE-2013-0648

CVE-2013-0648

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

11.09%

Published

Feb 26, 2013

Modified

Apr 21, 2026

CISA Known Exploited Vulnerability

Added: 2024-09-17 · Due: 2024-10-08

The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products (17)

adobe · flash_player (up to 10.3.183.67)vulnerable

adobe · flash_player (up to 11.6.602.171)vulnerable

apple · mac_os_x

microsoft · windows

adobe · flash_player (up to 11.2.202.273)vulnerable

linux · linux_kernel

opensuse · opensusevulnerable

suse · linux_enterprise_desktopvulnerable

References (11)