Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player prior to 10.3.183.67 and 11.x prior to 11.6.602.171 on Windows and Mac OS X, and prior to 10.3.183.67 and 11.x prior to 11.2.202.273 on Linux, allows remote malicious users to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe flash_player |
Two out of three threats are dangerous, being used in wild
Adobe published a critical Flash Player update on Tuesday to fix three exploits, two of which are under active attack by hackers. Two of the three vulnerabilities are being used by nefarious folk, Adobe said, and one of these two explicitly targets the Firefox browser. Adobe introduced the Flash Player sandbox a year ago to protect Firefox users from vulnerabilities in Flash. It appears this is now being targeted for permission escalation attacks. "Adobe is aware of reports that CVE-2013-0643 a...