Vulnerability Details CVE-2013-0641
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.884
EPSS Ranking 99.5%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 9.3
Proposed Action
A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution.
Ransomware Campaign
Unknown
References
- http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html
- http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html
- http://blogs.mcafee.com/mcafee-labs/digging-into-the-sandbox-escape-technique-of-the-recent-pdf-exploit
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html
- http://rhn.redhat.com/errata/RHSA-2013-0551.html
- http://security.gentoo.org/glsa/glsa-201308-03.xml
- http://www.adobe.com/support/security/advisories/apsa13-02.html
- http://www.adobe.com/support/security/bulletins/apsb13-07.html
- http://www.kb.cert.org/vuls/id/422807
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16296
- http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html
- http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html
- http://blogs.mcafee.com/mcafee-labs/digging-into-the-sandbox-escape-technique-of-the-recent-pdf-exploit
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html
- http://rhn.redhat.com/errata/RHSA-2013-0551.html
- http://security.gentoo.org/glsa/glsa-201308-03.xml
- http://www.adobe.com/support/security/advisories/apsa13-02.html
- http://www.adobe.com/support/security/bulletins/apsb13-07.html
- http://www.kb.cert.org/vuls/id/422807
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16296
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0641
Products affected by CVE-2013-0641
-
cpe:2.3:a:adobe:acrobat:10.0
-
cpe:2.3:a:adobe:acrobat:10.0.1
-
cpe:2.3:a:adobe:acrobat:10.0.2
-
cpe:2.3:a:adobe:acrobat:10.0.3
-
cpe:2.3:a:adobe:acrobat:10.1
-
cpe:2.3:a:adobe:acrobat:10.1.0
-
cpe:2.3:a:adobe:acrobat:10.1.1
-
cpe:2.3:a:adobe:acrobat:10.1.2
-
cpe:2.3:a:adobe:acrobat:10.1.3
-
cpe:2.3:a:adobe:acrobat:10.1.4
-
cpe:2.3:a:adobe:acrobat:10.1.5
-
cpe:2.3:a:adobe:acrobat:11.0
-
cpe:2.3:a:adobe:acrobat:11.0.0
-
cpe:2.3:a:adobe:acrobat:11.0.1
-
cpe:2.3:a:adobe:acrobat:9.0
-
cpe:2.3:a:adobe:acrobat:9.1
-
cpe:2.3:a:adobe:acrobat:9.1.1
-
cpe:2.3:a:adobe:acrobat:9.1.2
-
cpe:2.3:a:adobe:acrobat:9.1.3
-
cpe:2.3:a:adobe:acrobat:9.2
-
cpe:2.3:a:adobe:acrobat:9.3
-
cpe:2.3:a:adobe:acrobat:9.3.1
-
cpe:2.3:a:adobe:acrobat:9.3.2
-
cpe:2.3:a:adobe:acrobat:9.3.3
-
cpe:2.3:a:adobe:acrobat:9.3.4
-
cpe:2.3:a:adobe:acrobat:9.4
-
cpe:2.3:a:adobe:acrobat:9.4.1
-
cpe:2.3:a:adobe:acrobat:9.4.2
-
cpe:2.3:a:adobe:acrobat:9.4.3
-
cpe:2.3:a:adobe:acrobat:9.4.4
-
cpe:2.3:a:adobe:acrobat:9.4.5
-
cpe:2.3:a:adobe:acrobat:9.4.6
-
cpe:2.3:a:adobe:acrobat:9.4.7
-
cpe:2.3:a:adobe:acrobat:9.5
-
cpe:2.3:a:adobe:acrobat:9.5.1
-
cpe:2.3:a:adobe:acrobat:9.5.2
-
cpe:2.3:a:adobe:acrobat:9.5.3
-
cpe:2.3:a:adobe:acrobat_reader:10.0
-
cpe:2.3:a:adobe:acrobat_reader:10.0.1
-
cpe:2.3:a:adobe:acrobat_reader:10.0.2
-
cpe:2.3:a:adobe:acrobat_reader:10.0.3
-
cpe:2.3:a:adobe:acrobat_reader:10.1
-
cpe:2.3:a:adobe:acrobat_reader:10.1.0
-
cpe:2.3:a:adobe:acrobat_reader:10.1.1
-
cpe:2.3:a:adobe:acrobat_reader:10.1.2
-
cpe:2.3:a:adobe:acrobat_reader:10.1.3
-
cpe:2.3:a:adobe:acrobat_reader:10.1.4
-
cpe:2.3:a:adobe:acrobat_reader:10.1.5
-
cpe:2.3:a:adobe:acrobat_reader:11.0
-
cpe:2.3:a:adobe:acrobat_reader:11.0.0
-
cpe:2.3:a:adobe:acrobat_reader:11.0.01
-
cpe:2.3:a:adobe:acrobat_reader:11.0.1
-
cpe:2.3:a:adobe:acrobat_reader:9.0
-
cpe:2.3:a:adobe:acrobat_reader:9.1
-
cpe:2.3:a:adobe:acrobat_reader:9.1.1
-
cpe:2.3:a:adobe:acrobat_reader:9.1.2
-
cpe:2.3:a:adobe:acrobat_reader:9.1.3
-
cpe:2.3:a:adobe:acrobat_reader:9.2
-
cpe:2.3:a:adobe:acrobat_reader:9.3
-
cpe:2.3:a:adobe:acrobat_reader:9.3.1
-
cpe:2.3:a:adobe:acrobat_reader:9.3.2
-
cpe:2.3:a:adobe:acrobat_reader:9.3.3
-
cpe:2.3:a:adobe:acrobat_reader:9.3.4
-
cpe:2.3:a:adobe:acrobat_reader:9.4
-
cpe:2.3:a:adobe:acrobat_reader:9.4.1
-
cpe:2.3:a:adobe:acrobat_reader:9.4.2
-
cpe:2.3:a:adobe:acrobat_reader:9.4.3
-
cpe:2.3:a:adobe:acrobat_reader:9.4.4
-
cpe:2.3:a:adobe:acrobat_reader:9.4.5
-
cpe:2.3:a:adobe:acrobat_reader:9.4.6
-
cpe:2.3:a:adobe:acrobat_reader:9.4.7
-
cpe:2.3:a:adobe:acrobat_reader:9.5
-
cpe:2.3:a:adobe:acrobat_reader:9.5.1
-
cpe:2.3:a:adobe:acrobat_reader:9.5.2
-
cpe:2.3:a:adobe:acrobat_reader:9.5.3
-
cpe:2.3:o:apple:mac_os_x:-
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-
-
cpe:2.3:o:opensuse:opensuse:11.4
-
cpe:2.3:o:opensuse:opensuse:12.1
-
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
-
cpe:2.3:o:redhat:enterprise_linux_eus:5.9
-
cpe:2.3:o:redhat:enterprise_linux_eus:6.4
-
cpe:2.3:o:redhat:enterprise_linux_server:6.0
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4
-
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
-
cpe:2.3:o:suse:linux_enterprise_desktop:10
-
cpe:2.3:o:suse:linux_enterprise_desktop:11