CVE-2013-0641
published 2013-02-14

Priority: P181 | high | 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
KEV: CISA Known Exploited Vulnerability, due 2022-03-24
ITW: Exploited in the wild
EPSS: 32.45% (98.1th percentile)

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.

Affected

17 ranges
Vendor    Product                       Version range       Fixed in
adobe     acrobat                       >= 10.0 < 10.1.6    10.1.6
adobe     acrobat                       >= 11.0 < 11.0.02   11.0.02
adobe     acrobat                       >= 9.0 < 9.5.4      9.5.4
adobe     acrobat_reader                >= 10.0 < 10.1.6    10.1.6
adobe     acrobat_reader                >= 11.0 < 11.0.02   11.0.02
adobe     acrobat_reader                >= 9.0 < 9.5.4      9.5.4
opensuse  opensuse
opensuse  opensuse
redhat    enterprise_linux_desktop
redhat    enterprise_linux_eus
redhat    enterprise_linux_eus
redhat    enterprise_linux_server
redhat    enterprise_linux_server_aus
redhat    enterprise_linux_server_aus
redhat    enterprise_linux_workstation
suse      linux_enterprise_desktop
suse      linux_enterprise_desktop

Detection & IOCs (extracted from sources)

  • Vulnerability was exploited in the wild via crafted PDF documents delivered to targets, suggesting malicious PDF files as the attack vector
  • CVE-2013-0641 was exploited alongside CVE-2013-0640 in the same campaign; detections should account for both CVEs being used together
  • FireEye published research on the in-the-wild exploitation campaign; refer to http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html for additional campaign-level IOCs
  • Affected versions are Adobe Reader/Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02; detections should target these version ranges
  • Red Hat Enterprise Linux 5 and 6 shipped vulnerable versions of acroread; patch via RHSA-2013:0551

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     7.8    HIGH      CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd            v2.0     9.3    CRITICAL  AV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck               7.8    HIGH
cisa                    7.8    HIGH
vendor_redhat           7.8    HIGH