CVE-2013-2729

CRITICAL KEV RANSOMWARE

Adobe Reader/Acrobat <9.5.5, <10.1.7, <11.0.03 - RCE

Title source: llm

Description

Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727.

Exploits (2)

exploitdb WORKING POC

by feliam · pythonlocalwindows

https://www.exploit-db.com/exploits/26703

View Code ZIP pw:eip

nomisec WORKING POC 24 stars

by feliam · remote

https://github.com/feliam/CVE-2013-2729

View Code ZIP pw:eip

References (7)

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2013-0826.html

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-201308-03.xml

[Not Applicable, Patch, Vendor Advisory] http://www.adobe.com/support/security/bulletins/apsb13-15.html

[Broken Link] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16717

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2729

[Issue Tracking] https://github.com/cisagov/vulnrichment/issues/199

Scores

CVSS v3 9.8

EPSS 0.8961

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-28

VulnCheck KEV 2014-08-07

InTheWild.io 2022-03-28

ENISA EUVD EUVD-2013-2668

Ransomware Use Confirmed

CWE

CWE-190

Status published

Products (11)

adobe/acrobat 9.0 - 9.5.5

adobe/acrobat_reader 9.0 - 9.5.5

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_eus 5.9

redhat/enterprise_linux_eus 6.4

redhat/enterprise_linux_server 6.0

redhat/enterprise_linux_server_aus 5.9

redhat/enterprise_linux_server_aus 6.4

redhat/enterprise_linux_workstation 6.0

suse/linux_enterprise_desktop 10 sp4

... and 1 more

Published May 16, 2013

KEV Added Mar 28, 2022

Tracked Since Feb 18, 2026