Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code
Adobe Flash Player prior to 11.6.602.171
Several vulnerabilities were reported in Adobe Flash Player.
A remote user can create a specially crafted Flash content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
A buffer overflow may occur in the Flash Player broker service [CVE-2013-0504]. Mark Yason of IBM X-Force reported this vulnerability.
A permission error may occur in the Flash Player Firefox sandbox [CVE-2013-0643].
A flaw may occur in the ExternalInterface ActionScript feature [CVE-2013-0648].
The later two flaws are being actively exploited against Mozilla Firefox.
A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.