CVE-2013-3346

CRITICAL KEV

Adobe Acrobat < 9.5.5 - Out-of-Bounds Write

Title source: rule

Description

Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/30394
metasploit WORKING POC NORMAL
by Soroush Dalili, Unknown, sinn3r, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_toolbutton.rb
metasploit WORKING POC NORMAL
by Soroush Dalili, Unknown, sinn3r, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/adobe_toolbutton.rb

References (4)

Scores

CVSS v3 9.8
EPSS 0.8968
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-03
VulnCheck KEV 2014-08-07
InTheWild.io 2022-03-03
ENISA EUVD EUVD-2013-3282
CWE
CWE-787
Status published
Products (2)
adobe/acrobat 9.0 - 9.5.5
adobe/acrobat_reader 9.0 - 9.5.5
Published Aug 30, 2013
KEV Added Mar 03, 2022
Tracked Since Feb 18, 2026