CVE-2013-0641
CVE-2013-0641
In short
A flaw in Adobe Reader and Acrobat allows attackers to run malicious code on your computer by sending you a specially crafted PDF file. This vulnerability was actively exploited in real-world attacks in February 2013.
Technical detail
Buffer overflow vulnerability in Adobe Reader/Acrobat versions 9.x, 10.x, and 11.x triggered via malformed PDF documents. Remote code execution is achieved without user interaction beyond opening the crafted PDF; the vulnerability affects memory handling in PDF parsing routines.
Summary generated and translated by AI from the official description.
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.htmlhttp://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.htmlhttp://blogs.mcafee.com/mcafee-labs/digging-into-the-sandbox-escape-technique-of-the-recent-pdf-exploithttp://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0551.htmlhttp://security.gentoo.org/glsa/glsa-201308-03.xmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16296https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0641http://www.adobe.com/support/security/advisories/apsa13-02.htmlhttp://www.adobe.com/support/security/bulletins/apsb13-07.html