CISA KEV 정보
| 취약점명 | Adobe Flash Player Incorrect Default Permissions Vulnerability |
|---|---|
| 설명 | Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content. |
| 조치사항 | The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-264 |
| 등록일 (KEV) | 2024-09-17 |
| 조치 기한 | 2024-10-08 |
| 추가 참고 | https://www.adobe.com/products/flashplayer/end-of-life-alternative.html#eol-alternative-faq ; https://nvd.nist.gov/vuln/detail/CVE-2013-0643 |
NVD 상세 정보
CVSS v3.1: 8.8 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS v2.0: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C설명: The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
CWE: CWE-269
참조
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.html [Mailing List]
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.html [Mailing List]
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.html [Mailing List]
- http://rhn.redhat.com/errata/RHSA-2013-0574.html [Third Party Advisory]
- http://www.adobe.com/support/security/bulletins/apsb13-08.html [Broken Link, Patch, Vendor Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.html [Mailing List]
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.html [Mailing List]
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.html [Mailing List]
- http://rhn.redhat.com/errata/RHSA-2013-0574.html [Third Party Advisory]
- http://www.adobe.com/support/security/bulletins/apsb13-08.html [Broken Link, Patch, Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0643
This product uses the NVD API but is not endorsed or certified by the NVD.