Vulnerability Details : CVE-2013-2729
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2013-2729
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
CVE-2013-2729 is in the CISA Known Exploited Vulnerabilities Catalog
- CISA vulnerability name: Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability
- CISA required action: Apply updates per vendor instructions.
- CISA description: Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2013-2729
- Added on: 2022-03-28
- Action due date: 2022-04-18
Exploit prediction scoring system (EPSS) score for CVE-2013-2729
- 73.55%: Probability of exploitation activity in the next 30 days
- ~ 98 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-2729
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | 2024-07-09 |
CWE ids for CVE-2013-2729
- Assigned by: nvd@nist.gov (Primary)
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-2729
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html
  [security-announce] SUSE-SU-2013:0809-1: important: Security update for
  Tags: Mailing List; Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2013-0826.html
  RHSA-2013:0826 - Security Advisory - Red Hat Customer Portal
  Tags: Third Party Advisory
- http://security.gentoo.org/glsa/glsa-201308-03.xml
  Adobe Reader: Multiple vulnerabilities (GLSA 201308-03) — Gentoo security
  Tags: Third Party Advisory
- http://www.adobe.com/support/security/bulletins/apsb13-15.html
  Adobe - Security Bulletins: APSB13-15 - Security updates for Adobe Reader and Acrobat
  Tags: Not Applicable; Patch; Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16717
  Repository / Oval Repository
  Tags: Broken Link