KEVIntel
PRO Back to KEVs
9.3
CVSS
High

CVE-2013-0634

PUBLISHED

Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on...

Exploited in the wild PoC available Remote
Vendor
Adobe
Product
Flash Player
Published
Feb 08, 2013
EPSS

Automate this intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013.

windows linux macos android metasploit

CVSS scores

CVSS v2.0 9.3 High

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitation status

Exploited in the wild

Recorded 2013-02-08 11:00:00 UTC · CVE

Proof of concept available

Recorded 2025-04-28 15:02:36 UTC

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CVE First 2013-02-08 11:00 UTC

Scanner integrations

Scanner Reference Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flash_regex_value.rb Apr 28, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

adobe_flash_regex_value

metasploit · Created Unknown

Metasploit module for CVE-2013-0634

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Proof of Concept Exploit Available

  • Detected by Metasploit