CVE DATABASE / CVE-2013-0643
CVE-2013-0643
Adobe Flash Player Incorrect Default Permissions Vulnerability
Confirmed exploited in the wild. Added 2024-09-17.
Federal remediation due 2024-10-08.
Required action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Summary
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
CVSS 3.1 breakdown
| Base score | 8.8 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.html
- http://rhn.redhat.com/errata/RHSA-2013-0574.html
- http://www.adobe.com/support/security/bulletins/apsb13-08.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0643
Data: NIST NVD + CISA KEV. NVD last modified 2026-04-21. Always verify against the vendor advisory before acting.