CVE-2013-0640

HIGH KEV

Adobe Reader/Acrobat <9.5.4-10.1.6-11.0.02 - RCE

Title source: llm

Exploitation Summary

CVE-2013-0640 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2022. EIP tracks 1 public exploit from researchers including w3bd3vil & abh1sek.

AI-analyzed exploit summary: This is a Ruby-based exploit for CVE-2013-0640, targeting Adobe Acrobat Reader versions 9.5 to 11.0.1. It bypasses ASLR/DEP and sandbox protections by embedding a malicious payload into a PDF file.

Description

Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.

Exploits (1)

exploitdb WORKING POC VERIFIED
by w3bd3vil & abh1sek · text · local · windows
https://www.exploit-db.com/exploits/29881

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Adobe Acrobat Reader 9.5, 10.1, 10.1.2, 10.1.3, 10.1.4, 10.1.5, 11.0.0, 11.0.1
No auth needed
Prerequisites: Ruby 1.9.x · Gems: origami, metasm · Windows environment · Input PDF (optional) · PE executable payload
devstral-2 · analyzed Feb 16, 2026

References (12)

Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/422807
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0551.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201308-03.xml

Scores

CVSS v3 7.8
EPSS 0.9225
EPSS Percentile 99.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-03-03
VulnCheck KEV 2013-02-13
InTheWild.io 2017-09-19
ENISA EUVD EUVD-2013-0651
CWE CWE-787
Status published
Products (13)
adobe/acrobat 9.0 - 9.5.4
adobe/acrobat_reader 10.0 - 10.1.6
opensuse/opensuse 11.4
opensuse/opensuse 12.1
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_eus 5.9
redhat/enterprise_linux_eus 6.4
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_server_aus 5.9
redhat/enterprise_linux_server_aus 6.4
... and 3 more
Published Feb 14, 2013
KEV Added Mar 03, 2022
Tracked Since Feb 18, 2026