CVE-2013-2729

CRITICAL KEV RANSOMWARE

Adobe Reader/Acrobat <9.5.5, <10.1.7, <11.0.03 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2013-2729 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 28, 2022, with confirmed use in ransomware campaigns. EIP tracks 2 public exploits from researchers including feliam.

AI-analyzed exploit summary This exploit targets a heap corruption vulnerability in Adobe Reader X (10.x) by embedding a maliciously crafted BMP image with RLE encoding. The PoC constructs a minimal PDF file containing the exploit payload to trigger arbitrary code execution within the sandboxed process.

Description

Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727.

Exploits (2)

exploitdb WORKING POC
by feliam · pythonlocalwindows
https://www.exploit-db.com/exploits/26703

This exploit targets a heap corruption vulnerability in Adobe Reader X (10.x) by embedding a maliciously crafted BMP image with RLE encoding. The PoC constructs a minimal PDF file containing the exploit payload to trigger arbitrary code execution within the sandboxed process.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Reader X 10.1.4.38
No auth needed
Prerequisites: Victim must open the malicious PDF file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 24 stars
by feliam · remote
https://github.com/feliam/CVE-2013-2729

This repository contains a Python-based exploit for CVE-2013-2729, targeting Adobe Reader X (10.x) via a heap overflow in BMP/RLE image parsing. The exploit generates a malicious PDF with embedded shellcode to achieve arbitrary code execution within the sandboxed process.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Adobe Reader X (10.1.4.38 and earlier)
No auth needed
Prerequisites: Target must open the malicious PDF file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Not Applicable, Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb13-15.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0826.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201308-03.xml

Scores

CVSS v3 9.8
EPSS 0.8961
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-03-28
VulnCheck KEV 2014-08-07
InTheWild.io 2022-03-28
ENISA EUVD EUVD-2013-2668
Ransomware Use Confirmed
CWE
CWE-190
Status published
Products (11)
adobe/acrobat 9.0 - 9.5.5
adobe/acrobat_reader 9.0 - 9.5.5
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_eus 5.9
redhat/enterprise_linux_eus 6.4
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_server_aus 5.9
redhat/enterprise_linux_server_aus 6.4
redhat/enterprise_linux_workstation 6.0
suse/linux_enterprise_desktop 10 sp4
... and 1 more
Published May 16, 2013
KEV Added Mar 28, 2022
Tracked Since Feb 18, 2026