CVE-2013-0641

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
adobeCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
adobeacrobat
9.0 ≤
𝑥
< 9.5.4
adobeacrobat
10.0 ≤
𝑥
< 10.1.6
adobeacrobat
11.0 ≤
𝑥
< 11.0.02
adobeacrobat_reader
10.0 ≤
𝑥
< 10.1.6
adobeacrobat_reader
11.0 ≤
𝑥
< 11.0.02
adobeacrobat_reader
9.0 ≤
𝑥
< 9.5.4
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_eus
5.9
redhatenterprise_linux_eus
6.4
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server_aus
5.9
redhatenterprise_linux_server_aus
6.4
redhatenterprise_linux_workstation
6.0
opensuseopensuse
11.4
opensuseopensuse
12.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
acroread
quantal
Fixed 9.5.4-1quantal1
released
precise
Fixed 9.5.4-1precise1
released
oneiric
Fixed 9.5.4-1oneiric1
released
lucid
Fixed 9.5.4-1lucid1
released
hardy
ignored
Common Weakness Enumeration
References
http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html
http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html
http://blogs.mcafee.com/mcafee-labs/digging-into-the-sandbox-escape-technique-of-the-recent-pdf-exploit
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html
http://rhn.redhat.com/errata/RHSA-2013-0551.html
http://security.gentoo.org/glsa/glsa-201308-03.xml
http://www.adobe.com/support/security/advisories/apsa13-02.html
http://www.adobe.com/support/security/bulletins/apsb13-07.html
http://www.kb.cert.org/vuls/id/422807
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16296
http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html
http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html
http://blogs.mcafee.com/mcafee-labs/digging-into-the-sandbox-escape-technique-of-the-recent-pdf-exploit
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html
http://rhn.redhat.com/errata/RHSA-2013-0551.html
http://security.gentoo.org/glsa/glsa-201308-03.xml
http://www.adobe.com/support/security/advisories/apsa13-02.html
http://www.adobe.com/support/security/bulletins/apsb13-07.html
http://www.kb.cert.org/vuls/id/422807
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16296
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0641