⚠ Actively exploited
Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-24. Required action: Apply updates per vendor instructions..

CVE-2013-0641Classic Buffer Overflow in Adobe Acrobat

CWE-120Classic Buffer Overflow7 documents7 sources
Severity
7.8HIGHNVD
EPSS
88.0%
top 0.52%
CISA KEV
KEV
Added 2022-03-03
Due 2022-03-24
Exploit
Exploited in wild
Active exploitation observed
Affected products
9
Adobe AcrobatAdobe Acrobat ReaderOpensuse+6 more
Timeline
PublishedFeb 14
KEV addedMar 3
KEV dueMar 24
Latest updateMay 17
CISA Required Action: Apply updates per vendor instructions.

Description

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

NVDadobe/acrobat_reader10.010.1.6+2
NVDadobe/acrobat9.09.5.4+2
NVDopensuse/opensuse11.4, 12.1+1

Also affects: Enterprise Linux 5.9, 6.4

🔴Vulnerability Details

3
GHSA
GHSA-3xgg-69w3-vvww: Buffer overflow in Adobe Reader and Acrobat 92022-05-17
CVEList
CVE-2013-0641: Buffer overflow in Adobe Reader and Acrobat 92013-02-14
VulnCheck
Adobe Reader Buffer Overflow Vulnerability2013

📋Vendor Advisories

2
CISA
Adobe Reader Buffer Overflow Vulnerability2022-03-03
Red Hat
acroread: Multiple unspecified vulnerabilities allow remote attackers to execute arbitrary code (APSB13-07)2013-02-13

💬Community

1
Bugzilla
CVE-2013-0640 CVE-2013-0641 acroread: Multiple unspecified vulnerabilities allow remote attackers to execute arbitrary code (APSB13-07)2013-02-14
CVE-2013-0641 — Classic Buffer Overflow in Adobe | cvebase