CVE-2013-0613
published 2013-01-10
CVE-2013-0613: Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via…
Priority P3 · 50 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 10.00% (95.0th percentile)
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0609.
Affected
64 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat | — | — |
CVSS provenance
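| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 10.0 | CRITICAL | — |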
Red Hat
acroread: multiple code execution flaws (APSB13-02)
vendor_redhat·2013-01-08·CVSS 10.0
CVE-2013-0613 [CRITICAL] acroread: multiple code execution flaws (APSB13-02)
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0609.
Red Hat
acroread: multiple code execution flaws (APSB13-02)
vendor_redhat·2013-01-08·CVSS 10.0
CVE-2013-0609 [CRITICAL] acroread: multiple code execution flaws (APSB13-02)
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0613.
GHSA
GHSA-mhff-vjcm-vqcc: Integer overflow in Adobe Reader and Acrobat 9
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2013-0609 [CRITICAL] GHSA-mhff-vjcm-vqcc: Integer overflow in Adobe Reader and Acrobat 9
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0613.
GHSA
GHSA-54wq-67fr-m2j9: Integer overflow in Adobe Reader and Acrobat 9
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2013-0613 [CRITICAL] GHSA-54wq-67fr-m2j9: Integer overflow in Adobe Reader and Acrobat 9
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0609.
No detection rules found.
Bugzilla
CVE-2013-0314 GateIn Portal: remote unauthenticated site import
bugzilla·2013-02-21·CVSS 7.5
CVE-2013-0314 [HIGH] CVE-2013-0314 GateIn Portal: remote unauthenticated site import
The GateIn Portal Export / Import Gadget allows an export zip to be uploaded and imported to a site without authentication. A remote attacker could use this flaw to modify the content of a site, remove the site or modify access controls applied to portlets in the site.
Acknowledgements:
This issue was discovered by Nick Scavelli of Red Hat.
---
This issue has been addressed in the following products:
JBoss Enterprise Portal Platform 5.2.2
Via RHSA-2013:0613 https://rhn.redhat.com/errata/RHSA-2013-0613.html
Bugzilla
CVE-2013-0315 GateIn Portal: XML eXternal Entity (XXE) flaw in site import
bugzilla·2013-02-21·CVSS 5.0
CVE-2013-0315 [MEDIUM] CVE-2013-0315 GateIn Portal: XML eXternal Entity (XXE) flaw in site import
The GateIn Portal Export / Import Gadget is vulnerable to XXE (XML eXternal Entity) attacks. If the XML provided to the import gadget contains an external XML entity, this XML entity will be resolved. A remote attacker who can access the import gadget could use this flaw to read files in the context of the user running the application server.
Acknowledgements:
This issue was discovered by Arun Neelicattu and David Jorm of the Red Hat Security Response Team.
---
This issue has been addressed in the following products:
JBoss Enterprise Portal Platform 5.2.2
Via RHSA-2013:0613 https://rhn.redhat.com/errata/RHSA-2013-0613.html
Bugzilla
acroread: multiple code execution flaws (APSB13-02)
bugzilla·2013-01-09·CVSS 10.0
CVE-2012-1530 [CRITICAL] acroread: multiple code execution flaws (APSB13-02)
Adobe security bulletin APSB13-02 describes multiple security flaws that could cause Adobe Acrobat Reader to crash and potentially allow an attacker to take control of the affected system:
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0619, CVE-2013-0620, CVE-2013-0623).
These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2013-0602).
These updates resolve heap overflow vulnerabilities that could lead to code execution (CVE-2013-0603, CVE-2013-0604).
These updates resolve stack overflow vulnerabilities that could lead to code execution (CVE-2013-0610, CVE-2013-0626).
These updates r
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html
http://rhn.redhat.com/errata/RHSA-2013-0150.html
http://security.gentoo.org/glsa/glsa-201308-03.xml
http://www.adobe.com/support/security/bulletins/apsb13-02.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16461
Published: 2013-01-10