CVE-2013-2730

Adobe Reader/Acrobat <9.5.5, <10.1.7, <11.0.03 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2013-2730. PoCs published by Metasploit, feliam, Felipe Andres Manzano, juan vazquez, including Metasploit module exploits/windows/local/adobe_sandbox_adobecollabsync.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow in AdobeCollabSync to bypass the Adobe Reader X sandbox, escalating from Low to Medium Integrity Level. It uses ROP gadgets and registry manipulation to achieve code execution.

Description

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2733.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/25725

This Metasploit module exploits a buffer overflow in AdobeCollabSync to bypass the Adobe Reader X sandbox, escalating from Low to Medium Integrity Level. It uses ROP gadgets and registry manipulation to achieve code execution.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Adobe Reader X 10.1.4
No auth needed
Prerequisites: Adobe Reader X 10.1.4 on Windows 7 SP1 · Low Integrity AcroRd32.exe process
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 10 stars
by feliam · poc
https://github.com/feliam/CVE-2013-2730

This repository contains a proof-of-concept exploit for CVE-2013-2730, targeting Adobe Reader. The exploit uses reflective DLL injection and ROP (Return-Oriented Programming) techniques to achieve arbitrary code execution by leveraging a vulnerability in Adobe Reader's handling of the 'DoCollab' function.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Adobe Reader 10.0
No auth needed
Prerequisites: Vulnerable version of Adobe Reader installed · Ability to deliver the malicious payload to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by Felipe Andres Manzano, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/adobe_sandbox_adobecollabsync.rb

This Metasploit module exploits a buffer overflow in AdobeCollabSync to bypass the Adobe Reader X sandbox, escalating from Low to Medium Integrity Level. It leverages registry manipulation and ROP gadgets to achieve code execution.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Adobe Reader X 10.1.4
No auth needed
Prerequisites: Adobe Reader X 10.1.4 on Windows 7 SP1 · Low Integrity AcroRd32.exe process
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0826.html
Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb13-15.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/59923
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16631
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201308-03.xml

Scores

EPSS 0.7876
EPSS Percentile 99.5%

Details

CWE
CWE-119
Status published
Products (33)
adobe/acrobat 10.0 (2 CPE variants)
adobe/acrobat 10.0.1 (2 CPE variants)
adobe/acrobat 10.0.2
adobe/acrobat 10.0.3
adobe/acrobat 10.1
adobe/acrobat 10.1.1
adobe/acrobat 10.1.2
adobe/acrobat 10.1.3
adobe/acrobat 10.1.4
adobe/acrobat 10.1.5
... and 23 more
Published May 16, 2013
Tracked Since Feb 18, 2026