CVE-2013-0643 - Adobe Flash Player Incorrect Default Permissions Vulnerability

Adobe | Flash Player

• Date Added:
• 2024-09-17

• Due Date:
• 2024-10-08

Vulnerability Name

Adobe Flash Player Incorrect Default Permissions Vulnerability

Description

Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Additional Notes

https://www.adobe.com/products/flashplayer/end-of-life-alternative.html#eol-alternative-faq ; https://nvd.nist.gov/vuln/detail/CVE-2013-0643

Top Security News

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)

Garmin GPS watches crashing, stuck in triangle 'reboot loop'

Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks

Microsoft fixes exploited zero-day (CVE-2024-49138)

Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks

DeepSeek Jailbreak Reveals Its Entire System Prompt

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

Windows Server 2025 released—here are the new features

Top Alert List

Content Security Policy (CSP) Header Not Set

CSP

MediumMissing Anti-clickjacking Header

MediumAbsence of Anti-CSRF Tokens

InformationalInformation Disclosure - Suspicious Comments

MediumContent Security Policy (CSP) Header Not Set

InformationalModern Web Application

LowCross-Domain JavaScript Source File Inclusion

InformationalRe-examine Cache-control Directives

LowX-Content-Type-Options Header Missing

Top CVE List

CVE-2024-49138 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

CVE-2025-24085 Apple Multiple Products Use-After-Free Vulnerability

CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability

CVE-2015-6175 Microsoft Windows Kernel Privilege Escalation Vulnerability

CVE-2024-28986 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

CVE-2024-38217 Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability

CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

CVE-2025-21335 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability

CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability

CVE-2012-5076 Oracle Java SE Sandbox Bypass Vulnerability

Common CWEs

CWE-1293 Missing Source Correlation of Multiple Independent Data

CWE-132 DEPRECATED: Miscalculated Null Termination

HighCWE-467 Use of sizeof() on a Pointer Type

CWE-791 Incomplete Filtering of Special Elements

CWE-326 Inadequate Encryption Strength

CWE-1082 Class Instance Self Destruction Control Element

CWE-561 Dead Code

CWE-1263 Improper Physical Access Control

CWE-781 Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code

CWE-914 Improper Control of Dynamically-Identified Variables