Vulnerability Details : CVE-2013-0641
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.
Vulnerability category: OverflowExecute code
Products affected by CVE-2013-0641
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
CVE-2013-0641 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Adobe Reader Buffer Overflow Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2013-0641
Added on
2022-03-03
Action due date
2022-03-24
Exploit prediction scoring system (EPSS) score for CVE-2013-0641
77.44%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-0641
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | 2024-07-16 |
CWE ids for CVE-2013-0641
-
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0641
-
http://www.adobe.com/support/security/bulletins/apsb13-07.html
Adobe - Security Bulletins: APSB13-07 - Security updates for Adobe Reader and AcrobatBroken Link
-
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html
[security-announce] openSUSE-SU-2013:0335-1: critical: acroread to 9.5.4Mailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html
[security-announce] SUSE-SU-2013:0349-1: important: Security update forMailing List;Third Party Advisory
-
http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html
Adobe Product Security Incident Response Team (PSIRT) BlogBroken Link;Vendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2013-0551.html
RHSA-2013:0551 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html
FireEye Blog - Threat Research and Analysis | FireEyeBroken Link
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16296
Repository / Oval RepositoryBroken Link
-
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html
[security-announce] openSUSE-SU-2013:0342-1: critical: acroread to 9.5.4Mailing List;Third Party Advisory
-
http://www.kb.cert.org/vuls/id/422807
VU#422807 - Adobe Reader and Acrobat memory corruption vulnerabilitiesThird Party Advisory;US Government Resource
-
http://security.gentoo.org/glsa/glsa-201308-03.xml
Adobe Reader: Multiple vulnerabilities (GLSA 201308-03) — Gentoo securityThird Party Advisory
-
http://www.adobe.com/support/security/advisories/apsa13-02.html
Adobe - Security Advisories: APSA13-02 - Security Advisory for Adobe Reader and AcrobatVendor Advisory
-
http://blogs.mcafee.com/mcafee-labs/digging-into-the-sandbox-escape-technique-of-the-recent-pdf-exploit
Digging Into the Sandbox-Escape Technique of the Recent PDF Exploit | McAfee BlogsBroken Link
Jump to