Exploitation Summary
CVE-2013-0641 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2022.
Description
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.
References (13)
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0641
Broken Link, Vendor Advisory x_refsource_confirm
http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/422807
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html
Broken Link x_refsource_misc
http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0551.html
Broken Link x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb13-07.html
Broken Link x_refsource_misc
http://blogs.mcafee.com/mcafee-labs/digging-into-the-sandbox-escape-technique-of-the-recent-pdf-exploit
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html
Broken Link vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16296
Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/advisories/apsa13-02.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201308-03.xml
Scores
CVSS v3: 7.8
EPSS: 0.8796
EPSS Percentile: 99.5%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2022-03-03
VulnCheck KEV: 2013-02-13
InTheWild.io: 2017-09-19
ENISA EUVD: EUVD-2013-0652
CWE: CWE-120
Status: published
Products (13)
adobe/acrobat: 9.0 - 9.5.4
adobe/acrobat_reader: 10.0 - 10.1.6
opensuse/opensuse: 11.4
opensuse/opensuse: 12.1
redhat/enterprise_linux_desktop: 6.0
redhat/enterprise_linux_eus: 5.9
redhat/enterprise_linux_eus: 6.4
redhat/enterprise_linux_server: 6.0
redhat/enterprise_linux_server_aus: 5.9
redhat/enterprise_linux_server_aus: 6.4
... and 3 more
Published: Feb 14, 2013
KEV Added: Mar 03, 2022
Tracked Since: Feb 18, 2026