CVE-2013-0648

Publication date 27 February 2013

Last updated 23 September 2024

Ubuntu priority

Cvss 3 Severity Score

Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
adobe-flashplugin	12.10 quantal	Fixed 11.2.202.273-0quantal1
	12.04 LTS precise	Fixed 11.2.202.273-0precise1
	11.10 oneiric	Fixed 11.2.202.273-0oneiric1
	10.04 LTS lucid	Fixed 11.2.202.273-0lucid1
	8.04 LTS hardy	Ignored end of life
flashplugin-nonfree	12.10 quantal	Fixed 11.2.202.273ubuntu0.12.10.1
	12.04 LTS precise	Fixed 11.2.202.273ubuntu0.12.04.1
	11.10 oneiric	Fixed 11.2.202.273ubuntu0.11.10.1
	10.04 LTS lucid	Fixed 11.2.202.273ubuntu0.10.04.1
	8.04 LTS hardy	Ignored end of life

Notes

jdstrand

chriscoulson provides updates for partner (adobe-flashplugin)

Severity score breakdown

Parameter	Value
Base score	8.8 · High
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H