CVE-2013-0640
In short
Adobe Reader and Acrobat have a memory corruption flaw that allows attackers to run malicious code or crash the program when you open a specially crafted PDF file. This vulnerability was actively exploited by criminals in early 2013.
Technical detail
Out-of-bounds write vulnerability in Adobe Reader/Acrobat 9.x, 10.x, and 11.x enables remote code execution or denial of service through a malicious PDF document. The attack requires user interaction (opening the PDF) and results in arbitrary code execution with user privileges.
Summary generated and translated by AI from the official description.
Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found: 1
exploitdb: www.exploit-db.com/exploits/29881 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html
http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html
http://rhn.redhat.com/errata/RHSA-2013-0551.html
http://security.gentoo.org/glsa/glsa-201308-03.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16406
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0640
http://www.adobe.com/support/security/advisories/apsa13-02.html
http://www.adobe.com/support/security/bulletins/apsb13-07.html
http://www.kb.cert.org/vuls/id/422807