CVE-2013-1302 is a vulnerability in Adobe Shockwave Player that was discovered in February 2013. An attacker could exploit this vulnerability by tricking a user into opening a malicious Shockwave file, which would allow the attacker to execute arbitrary code on the victim's system. The vulnerability affects Shockwave Player versions 11.6.7.637 and earlier on Windows and Mac OS X.
The vulnerability was rated critical by Adobe, as it allowed an attacker to take complete control of a victim's system. Adobe released a security update (version 12.0.0.112) on March 12, 2013, which addressed the vulnerability. Users were advised to update their Shockwave Player software as soon as possible to mitigate the risk of exploitation.
Shortly after the release of the security update, researchers from FireEye reported that the website for the Council on Foreign Relations had been compromised and was serving a malicious Shockwave file that exploited the CVE-2013-1302 vulnerability. This attack was part of a larger cyber espionage campaign targeting several organizations, including government agencies and non-profit groups. The attackers used spear-phishing emails to deliver the malicious files and gain access to sensitive information. The Council on Foreign Relations took their website offline temporarily to address the issue.