Adobe Flash Player SWF Content Regular Expression Heap Overflow

Added: 02/21/2013
CVE: CVE-2013-0634
BID: 57788
OSVDB: 89936


Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.


The ActiveX version of Adobe Flash Player on Windows is vulnerable to a heap buffer overflow because it does not properly validate user-supplied input when handling regular expressions in Flash (SWF) content. A remote attacker who persuades a user to open a specially crafted Microsoft Word document containing SWF content could possibly execute arbitrary code in the context of the user.
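As a triage aid for the delivery vector described above, the following added example (not part of the original advisory or of any vendor tooling) flags Office files that carry an embedded SWF header, scanning legacy OLE .doc files raw and unpacking ZIP-based .docx parts first. It goes beyond this advisory's single case by reporting any embedded Flash content. The function names, the constructed sample and the plausibility thresholds are assumptions made for illustration.

```python
import io
import struct
import zipfile
import zlib

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc (OLE compound file)
SWF_SIGS = (b"FWS", b"CWS", b"ZWS")            # uncompressed, zlib, LZMA SWF

def find_swf_headers(blob, max_version=50):
    """Return sorted (offset, signature, version, declared_length) for plausible SWF headers."""
    hits = []
    for sig in SWF_SIGS:
        pos = blob.find(sig)
        while pos != -1:
            if pos + 10 <= len(blob):
                version = blob[pos + 3]
                (length,) = struct.unpack_from("<I", blob, pos + 4)
                ok = 1 <= version <= max_version and length > 8  # assumed sanity bounds
                if sig == b"FWS":    # declared length covers the whole SWF, so it cannot exceed the container
                    ok = ok and length <= len(blob)
                elif sig == b"CWS":  # body must start with a valid zlib header (deflate, check bits mod 31)
                    cmf, flg = blob[pos + 8], blob[pos + 9]
                    ok = ok and (cmf & 0x0F) == 8 and (cmf * 256 + flg) % 31 == 0
                if ok:
                    hits.append((pos, sig.decode(), version, length))
            pos = blob.find(sig, pos + 1)
    return sorted(hits)

def scan_document(data):
    """Return {part_name: hits} for an Office file passed in as bytes."""
    if data[:8] == OLE_MAGIC:
        parts = {"<ole container>": data}
    elif zipfile.is_zipfile(io.BytesIO(data)):  # .docx parts are deflated, so unpack before scanning
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            parts = {name: zf.read(name) for name in zf.namelist()}
    else:
        parts = {"<raw>": data}
    found = {name: find_swf_headers(blob) for name, blob in parts.items()}
    return {name: hits for name, hits in found.items() if hits}

def constructed_ole_sample():
    """Constructed input: OLE magic, zero padding, then a tiny zlib-compressed SWF-like blob."""
    body = zlib.compress(b"\x00" * 32)
    swf = b"CWS" + bytes([10]) + struct.pack("<I", 8 + 32) + body
    return OLE_MAGIC + b"\x00" * 504 + swf

if __name__ == "__main__":
    print(scan_document(constructed_ole_sample()))
```

A hit indicates embedded Flash content that deserves review, not a confirmed exploit; OLE streams can be fragmented across sectors, so the reported offset locates the header rather than a contiguous SWF.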


Upgrade to Adobe Flash Player (in the 10.x range) or 11.5.502.149 or higher on Windows systems.



This exploit was tested against Adobe Flash Player 11.5.502.146 on Windows XP SP3 English (with DEP OptIn) and Windows 7 SP1 (with DEP OptIn).

The user must open the exploit file in Internet Explorer 8 or 9 on the target.


