← back
CVE-2013-3346

CVE-2013-3346

CVSS 8.8 HIGHEPSS 78.6%● KEVCWE-787
In short

Adobe Reader and Acrobat versions 9, 10, and 11 contain a memory corruption flaw that allows attackers to run malicious code or crash the application by opening a specially crafted document. This is a critical vulnerability because these are widely used applications for viewing PDF files.

Technical detail

Out-of-bounds write vulnerability (CWE-787) in Adobe Reader/Acrobat 9.x, 10.x, and 11.x triggered via unspecified vectors in PDF processing. Exploitation requires user interaction (opening a malicious PDF), but results in arbitrary code execution with application privileges or denial of service through memory corruption.

Summary generated and translated by AI from the official description.
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/30394unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/cisagov/vulnrichment/issues/199https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19054https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-3346http://www.adobe.com/support/security/bulletins/apsb13-15.html