CVE-2013-3346

CRITICAL KEV

Adobe Acrobat and Reader 9.x < 9.5.5, 10.x < 10.1.7, 11.x < 11.0.03 - Remote Code Execution via Memory Corruption

Title source: llm

Exploitation Summary

CVE-2013-3346 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2022. EIP tracks 3 public exploits, credited to Metasploit, Soroush Dalili, Unknown, sinn3r, and juan vazquez, including the Metasploit module exploits/windows/browser/adobe_toolbutton.

AI-analyzed exploit summary: This Metasploit module exploits a use-after-free vulnerability in Adobe Reader versions 11.0.2, 10.1.6, and 9.5.4 by manipulating the ToolButton object. It uses a heap spray technique and ROP chains to achieve remote code execution on Windows XP SP3 with Internet Explorer.

Description

Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/30394

This Metasploit module exploits a use-after-free vulnerability in Adobe Reader versions 11.0.2, 10.1.6, and 9.5.4 by manipulating the ToolButton object. It uses a heap spray technique and ROP chains to achieve remote code execution on Windows XP SP3 with Internet Explorer.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Adobe Reader 11.0.2, 10.1.6, and 9.5.4
No auth needed
Prerequisites: Target must be using Windows XP SP3 with Internet Explorer and a vulnerable version of Adobe Reader
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
by Soroush Dalili, Unknown, sinn3r, juan vazquez · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_toolbutton.rb

This Metasploit module exploits a use-after-free vulnerability in Adobe Reader versions 11.0.2, 10.1.6, and 9.5.4 by manipulating the ToolButton object via JavaScript embedded in a PDF. The exploit uses heap spraying and ROP chains to achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Adobe Reader 11.0.2, 10.1.6, and 9.5.4
No auth needed
Prerequisites: Victim must open a malicious PDF file in a vulnerable version of Adobe Reader
devstral-2 · analyzed Feb 19, 2026

metasploit WORKING POC NORMAL
by Soroush Dalili, Unknown, sinn3r, juan vazquez · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/adobe_toolbutton.rb

This Metasploit module exploits a use-after-free vulnerability in Adobe Reader versions 11.0.2, 10.1.6, and 9.5.4 by manipulating the ToolButton object. It uses a heap spray technique and ROP chains to achieve remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Adobe Reader 9.5.4, 10.1.6, 11.0.2 and prior
No auth needed
Prerequisites: Target must open the malicious PDF file
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.8956
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-03-03
VulnCheck KEV 2014-08-07
InTheWild.io 2022-03-03
ENISA EUVD EUVD-2013-3282
CWE CWE-787
Status published
Products (2)
adobe/acrobat 9.0 - 9.5.5
adobe/acrobat_reader 9.0 - 9.5.5
Published Aug 30, 2013
KEV Added Mar 03, 2022
Tracked Since Feb 18, 2026