Vulnerability: Multiple vulnerabilities in Adobe Flash Player
Severity Rating: Critical
Number of vulnerabilities: 3
CVE ID: CVE-2013-0643
Vector of operation: Remote
Impact: Security Bypass, System compromise
Affected Products: Adobe Flash Player 11.x
Adobe Flash Player 11.6.602.168 and earlier versions for Windows
Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh
Adobe Flash Player 18.104.22.1680 and earlier versions for Linux.
Which can be exploited by malicious people to compromise a vulnerable system.
1. The vulnerability is caused due to an error related to permissions in the sandpit expansion Flash Player for Firefox. This can be exploited to bypass security restrictions on the target system.
2. An error in the function ExternalInterface ActionScript. A remote user can execute arbitrary code on the target system.
Note: Vulnerabilities number 1 and 2 in active use today.
3. An error in the service broker. A remote user can execute arbitrary code on the target system.
Manufacturer URL: http://www.adobe.com/
Solution: The way to eliminate the vulnerability does not exist at present.