What is CVE-2013-0648?

CVE-2013-0648 is a vulnerability in N/a. Published 2013-02-27.

Is CVE-2013-0648 known to be exploited?

Yes. CVE-2013-0648 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2024-09-17), indicating it is being actively exploited.

Vulnerability in N/a

CVE-2013-0648

Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allo…

EPSS: 0.555 (98.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

CISA KEV (Known Exploited Vulnerabilities)

This CVE is on the CISA KEV catalog, added on 2024-09-17. CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.

BOD 22-01 due date: 2024-10-08.

Required action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

References

RHSA-2013:0574 (x_refsource_REDHAT, vendor-advisory)
www.adobe.com/support/security/bulletins/apsb13-08.html (x_refsource_CONFIRM)
SUSE-SU-2013:0373 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2013:0359 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2013:0360 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2013-0648?: CVE-2013-0648 is a vulnerability in N/a. Published 2013-02-27.
Is CVE-2013-0648 known to be exploited?: Yes. CVE-2013-0648 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2024-09-17), indicating it is being actively exploited.