⚠ Actively exploited
Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-24. Required action: Apply updates per vendor instructions..

CVE-2013-0640Out-of-bounds Write in Adobe Acrobat

CWE-787Out-of-bounds Write9 documents9 sources
Severity
7.8HIGHNVD
EPSS
92.4%
top 0.27%
CISA KEV
KEV
Added 2022-03-03
Due 2022-03-24
Exploit
Exploited in wild
Active exploitation observed
Affected products
9
Adobe AcrobatAdobe Acrobat ReaderOpensuse+6 more
Timeline
PublishedFeb 14
KEV addedMar 3
KEV dueMar 24
Latest updateMay 17
CISA Required Action: Apply updates per vendor instructions.

Description

Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

NVDadobe/acrobat_reader10.010.1.6+2
NVDadobe/acrobat9.09.5.4+2
NVDopensuse/opensuse11.4, 12.1+1

Also affects: Enterprise Linux 5.9, 6.4

🔴Vulnerability Details

3
GHSA
GHSA-5mvv-qmf3-7p25: Adobe Reader and Acrobat 92022-05-17
CVEList
CVE-2013-0640: Adobe Reader and Acrobat 92013-02-14
VulnCheck
Adobe Reader and Acrobat Memory Corruption Vulnerability2013

💥Exploits & PoCs

1
Exploit-DB
Adobe Acrobat Reader - ASLR + DEP Bypass with Sandbox Bypass2013-11-28

📋Vendor Advisories

2
CISA
Adobe Reader and Acrobat Memory Corruption Vulnerability2022-03-03
Red Hat
acroread: Multiple unspecified vulnerabilities allow remote attackers to execute arbitrary code (APSB13-07)2013-02-13

🕵️Threat Intelligence

1
Zscaler
Spearphishing Connects PCs To Russian Botnet | Zscaler2014-05-16

💬Community

1
Bugzilla
CVE-2013-0640 CVE-2013-0641 acroread: Multiple unspecified vulnerabilities allow remote attackers to execute arbitrary code (APSB13-07)2013-02-14
CVE-2013-0640 — Out-of-bounds Write in Adobe Acrobat | cvebase