Vulnerabilities > CVE-2013-0648

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
adobe
suse
opensuse
redhat
nessus

Summary

Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

Vulnerable Configurations

Part Description Count
Application
Adobe
244
OS
Apple
1
OS
Microsoft
1
OS
Linux
1
OS
Suse
2
OS
Opensuse
2
OS
Redhat
7

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_FLASH-PLAYER-8476.NASL
    descriptionflash-player has been updated to 11.2.202.273 security update, which fixes several critical security bugs that could have been used by remote attackers to execute code. (CVE-2013-0504 / CVE-2013-0643 / CVE-2013-0648) More information can be found on : https://www.adobe.com/support/security/bulletins/apsb13-08.html
    last seen2020-06-05
    modified2013-03-01
    plugin id64966
    published2013-03-01
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64966
    titleSuSE 10 Security Update : flash-player (ZYPP Patch Number 8476)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64966);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-0504", "CVE-2013-0643", "CVE-2013-0648");
    
      script_name(english:"SuSE 10 Security Update : flash-player (ZYPP Patch Number 8476)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "flash-player has been updated to 11.2.202.273 security update, which
    fixes several critical security bugs that could have been used by
    remote attackers to execute code. (CVE-2013-0504 / CVE-2013-0643 /
    CVE-2013-0648)
    
    More information can be found on :
    
    https://www.adobe.com/support/security/bulletins/apsb13-08.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0504.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0643.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0648.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8476.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:4, reference:"flash-player-11.2.202.273-0.5.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-162.NASL
    descriptionFlash Player was updated to 11.2.202.273 to fix critical security issues: (bnc#806415) - APSB13-08, CVE-2013-0504, CVE-2013-0643, CVE-2013-0648 More information can be found on: https://www.adobe.com/support/security/bulletins/apsb13-08.html
    last seen2020-06-05
    modified2014-06-13
    plugin id74905
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74905
    titleopenSUSE Security Update : flash-player (openSUSE-SU-2013:0359-2)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_DBDAC02380E111E29A29001060E06FD4.NASL
    descriptionAdobe reports : These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
    last seen2020-06-01
    modified2020-06-02
    plugin id64923
    published2013-02-28
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64923
    titleFreeBSD : linux-flashplugin -- multiple vulnerabilities (dbdac023-80e1-11e2-9a29-001060e06fd4)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FLASH_PLAYER_11_6_602_171.NASL
    descriptionAccording to its version, the instance of Flash Player installed on the remote Mac OS X host is 11.x equal or prior to 11.6.602.167, or 10.x equal or prior to 10.3.183.61. It is, therefore, potentially affected by the following vulnerabilities : - A buffer overflow error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id64917
    published2013-02-27
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64917
    titleFlash Player for Mac <= 10.3.183.61 / 11.6.602.167 Multiple Vulnerabilities (APSB13-08)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0574.NASL
    descriptionAn updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes two vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-08, listed in the References section. Specially crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2013-0504, CVE-2013-0648) This update also fixes a permissions issue with the Adobe Flash Player Firefox sandbox. (CVE-2013-0643) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.273.
    last seen2020-06-01
    modified2020-06-02
    plugin id64924
    published2013-02-28
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64924
    titleRHEL 5 / 6 : flash-plugin (RHSA-2013:0574)
  • NASL familyWindows
    NASL idFLASH_PLAYER_APSB13-08.NASL
    descriptionAccording to its version, the instance of Flash Player installed on the remote Windows host is 11.x equal or prior to 11.6.602.168, or 10.x equal or prior to 10.3.183.63. It is, therefore, potentially affected by the following vulnerabilities : - A buffer overflow error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id64916
    published2013-02-27
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64916
    titleFlash Player <= 10.3.183.63 / 11.6.602.168 Multiple Vulnerabilities (APSB13-08)
  • NASL familyWindows
    NASL idSMB_KB2819372.NASL
    descriptionThe remote host is missing KB2819372. It may, therefore, be affected by the following vulnerabilities related to the installed version of the Adobe Flash ActiveX control : - A buffer overflow error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id64918
    published2013-02-27
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64918
    titleMS KB2819372: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_FLASH-PLAYER-130228.NASL
    descriptionflash-player has been updated to 11.2.202.273 security update, which fixes several critical security bugs that could have been used by remote attackers to execute code. (CVE-2013-0504 / CVE-2013-0643 / CVE-2013-0648) More information can be found on : https://www.adobe.com/support/security/bulletins/apsb13-08.html
    last seen2020-06-05
    modified2013-03-01
    plugin id64965
    published2013-03-01
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64965
    titleSuSE 11.2 Security Update : flash-player (SAT Patch Number 7431)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201309-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201309-06 (Adobe Flash Player: Multiple vulnerabilities) Multiple unspecified vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open specially crafted SWF content, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass access restrictions. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id69889
    published2013-09-14
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69889
    titleGLSA-201309-06 : Adobe Flash Player: Multiple vulnerabilities

Redhat

advisories
rhsa
idRHSA-2013:0574
rpms
  • flash-plugin-0:11.2.202.273-1.el5
  • flash-plugin-0:11.2.202.273-1.el6