Vulnerability Details CVE-2013-0640
Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.926
EPSS Ranking 99.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 9.3
Proposed Action
An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution.
Ransomware Campaign
Unknown
References
- http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html
- http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html
- http://rhn.redhat.com/errata/RHSA-2013-0551.html
- http://security.gentoo.org/glsa/glsa-201308-03.xml
- http://www.adobe.com/support/security/advisories/apsa13-02.html
- http://www.adobe.com/support/security/bulletins/apsb13-07.html
- http://www.kb.cert.org/vuls/id/422807
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16406
- http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html
- http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html
- http://rhn.redhat.com/errata/RHSA-2013-0551.html
- http://security.gentoo.org/glsa/glsa-201308-03.xml
- http://www.adobe.com/support/security/advisories/apsa13-02.html
- http://www.adobe.com/support/security/bulletins/apsb13-07.html
- http://www.kb.cert.org/vuls/id/422807
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16406
Products affected by CVE-2013-0640
-
cpe:2.3:a:adobe:acrobat:10.0
-
cpe:2.3:a:adobe:acrobat:10.0.1
-
cpe:2.3:a:adobe:acrobat:10.0.2
-
cpe:2.3:a:adobe:acrobat:10.0.3
-
cpe:2.3:a:adobe:acrobat:10.1
-
cpe:2.3:a:adobe:acrobat:10.1.0
-
cpe:2.3:a:adobe:acrobat:10.1.1
-
cpe:2.3:a:adobe:acrobat:10.1.2
-
cpe:2.3:a:adobe:acrobat:10.1.3
-
cpe:2.3:a:adobe:acrobat:10.1.4
-
cpe:2.3:a:adobe:acrobat:10.1.5
-
cpe:2.3:a:adobe:acrobat:11.0
-
cpe:2.3:a:adobe:acrobat:11.0.0
-
cpe:2.3:a:adobe:acrobat:11.0.1
-
cpe:2.3:a:adobe:acrobat:9.0
-
cpe:2.3:a:adobe:acrobat:9.1
-
cpe:2.3:a:adobe:acrobat:9.1.1
-
cpe:2.3:a:adobe:acrobat:9.1.2
-
cpe:2.3:a:adobe:acrobat:9.1.3
-
cpe:2.3:a:adobe:acrobat:9.2
-
cpe:2.3:a:adobe:acrobat:9.3
-
cpe:2.3:a:adobe:acrobat:9.3.1
-
cpe:2.3:a:adobe:acrobat:9.3.2
-
cpe:2.3:a:adobe:acrobat:9.3.3
-
cpe:2.3:a:adobe:acrobat:9.3.4
-
cpe:2.3:a:adobe:acrobat:9.4
-
cpe:2.3:a:adobe:acrobat:9.4.1
-
cpe:2.3:a:adobe:acrobat:9.4.2
-
cpe:2.3:a:adobe:acrobat:9.4.3
-
cpe:2.3:a:adobe:acrobat:9.4.4
-
cpe:2.3:a:adobe:acrobat:9.4.5
-
cpe:2.3:a:adobe:acrobat:9.4.6
-
cpe:2.3:a:adobe:acrobat:9.4.7
-
cpe:2.3:a:adobe:acrobat:9.5
-
cpe:2.3:a:adobe:acrobat:9.5.1
-
cpe:2.3:a:adobe:acrobat:9.5.2
-
cpe:2.3:a:adobe:acrobat:9.5.3
-
cpe:2.3:a:adobe:acrobat_reader:10.0
-
cpe:2.3:a:adobe:acrobat_reader:10.0.1
-
cpe:2.3:a:adobe:acrobat_reader:10.0.2
-
cpe:2.3:a:adobe:acrobat_reader:10.0.3
-
cpe:2.3:a:adobe:acrobat_reader:10.1
-
cpe:2.3:a:adobe:acrobat_reader:10.1.0
-
cpe:2.3:a:adobe:acrobat_reader:10.1.1
-
cpe:2.3:a:adobe:acrobat_reader:10.1.2
-
cpe:2.3:a:adobe:acrobat_reader:10.1.3
-
cpe:2.3:a:adobe:acrobat_reader:10.1.4
-
cpe:2.3:a:adobe:acrobat_reader:10.1.5
-
cpe:2.3:a:adobe:acrobat_reader:11.0
-
cpe:2.3:a:adobe:acrobat_reader:11.0.0
-
cpe:2.3:a:adobe:acrobat_reader:11.0.01
-
cpe:2.3:a:adobe:acrobat_reader:11.0.1
-
cpe:2.3:a:adobe:acrobat_reader:9.0
-
cpe:2.3:a:adobe:acrobat_reader:9.1
-
cpe:2.3:a:adobe:acrobat_reader:9.1.1
-
cpe:2.3:a:adobe:acrobat_reader:9.1.2
-
cpe:2.3:a:adobe:acrobat_reader:9.1.3
-
cpe:2.3:a:adobe:acrobat_reader:9.2
-
cpe:2.3:a:adobe:acrobat_reader:9.3
-
cpe:2.3:a:adobe:acrobat_reader:9.3.1
-
cpe:2.3:a:adobe:acrobat_reader:9.3.2
-
cpe:2.3:a:adobe:acrobat_reader:9.3.3
-
cpe:2.3:a:adobe:acrobat_reader:9.3.4
-
cpe:2.3:a:adobe:acrobat_reader:9.4
-
cpe:2.3:a:adobe:acrobat_reader:9.4.1
-
cpe:2.3:a:adobe:acrobat_reader:9.4.2
-
cpe:2.3:a:adobe:acrobat_reader:9.4.3
-
cpe:2.3:a:adobe:acrobat_reader:9.4.4
-
cpe:2.3:a:adobe:acrobat_reader:9.4.5
-
cpe:2.3:a:adobe:acrobat_reader:9.4.6
-
cpe:2.3:a:adobe:acrobat_reader:9.4.7
-
cpe:2.3:a:adobe:acrobat_reader:9.5
-
cpe:2.3:a:adobe:acrobat_reader:9.5.1
-
cpe:2.3:a:adobe:acrobat_reader:9.5.2
-
cpe:2.3:a:adobe:acrobat_reader:9.5.3
-
cpe:2.3:o:apple:mac_os_x:-
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-
-
cpe:2.3:o:opensuse:opensuse:11.4
-
cpe:2.3:o:opensuse:opensuse:12.1
-
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
-
cpe:2.3:o:redhat:enterprise_linux_eus:5.9
-
cpe:2.3:o:redhat:enterprise_linux_eus:6.4
-
cpe:2.3:o:redhat:enterprise_linux_server:6.0
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4
-
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
-
cpe:2.3:o:suse:linux_enterprise_desktop:10
-
cpe:2.3:o:suse:linux_enterprise_desktop:11