CVE-2013-0641
Published 2013-02-14
Priority: P181 · Severity: high · CVSS 3.1: 7.8
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability (KEV), due 2022-03-24
Exploited in the wild (ITW)
EPSS: 32.45% (98.1th percentile)
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat | >= 10.0 < 10.1.6 | 10.1.6 |
| adobe | acrobat | >= 11.0 < 11.0.02 | 11.0.02 |
| adobe | acrobat | >= 9.0 < 9.5.4 | 9.5.4 |
| adobe | acrobat_reader | >= 10.0 < 10.1.6 | 10.1.6 |
| adobe | acrobat_reader | >= 11.0 < 11.0.02 | 11.0.02 |
| adobe | acrobat_reader | >= 9.0 < 9.5.4 | 9.5.4 |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_workstation | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_desktop | — | — |
Detection & IOCs (extracted from sources)
- Vulnerability was exploited in the wild via crafted PDF documents delivered to targets, suggesting malicious PDF files as the attack vector
- CVE-2013-0641 was exploited alongside CVE-2013-0640 in the same campaign; detections should account for both CVEs being used together
- FireEye published research on the in-the-wild exploitation campaign; refer to http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html for additional campaign-level IOCs
- Affected versions are Adobe Reader/Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02; detections should target these version ranges
- Red Hat Enterprise Linux 5 and 6 shipped vulnerable versions of acroread; patch via RHSA-2013:0551
CVSS provenance
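| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |
| vendor_redhat | — | 7.8 | HIGH | — |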
CISA
Adobe Reader Buffer Overflow Vulnerability
cisa·2022-03-03·CVSS 7.8
CVE-2013-0641 [HIGH] CWE-120 Adobe Reader Buffer Overflow Vulnerability
Vulnerability: Adobe Reader Buffer Overflow Vulnerability
Affected: Adobe Reader
A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2013-0641
Remediation Due Date: 2022-03-24
Red Hat
acroread: Multiple unspecified vulnerabilities allow remote attackers to execute arbitrary code (APSB13-07)
vendor_redhat·2013-02-13·CVSS 7.8
CVE-2013-0641 [HIGH] acroread: Multiple unspecified vulnerabilities allow remote attackers to execute arbitrary code (APSB13-07)
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.
Statement: This issue affects the version of Adobe Acroread as shipped with Red Hat Enterprise Linux 5 and 6. Updates will be released as soon as they are made generally available by Adobe.
GHSA
GHSA-3xgg-69w3-vvww: Buffer overflow in Adobe Reader and Acrobat 9
ghsa_unreviewed·2022-05-17
CVE-2013-0641 [HIGH] CWE-120 GHSA-3xgg-69w3-vvww: Buffer overflow in Adobe Reader and Acrobat 9
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.
VulnCheck
Adobe Reader Buffer Overflow Vulnerability
vulncheck·2013·CVSS 7.8
CVE-2013-0641 [HIGH] CWE-120 Adobe Reader Buffer Overflow Vulnerability
A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution.
Affected: Adobe Acrobat and Reader
Required Action: Apply updates per vendor instructions.
Exploitation References: https://nvd.nist.gov/vuln/detail/CVE-2013-0641; https://www.fireeye.com/blog/threat-research/2013/02/the-number-of-the-beast.html; https://www.cve.org/CVERecord?id=CVE-2013-0641; https://cisa.gov/news-events/alerts/2013/02/14/adobe-releases-security-updates-adobe-reader-and-acrobat; https://securelist.com/new-uyghur-and-tibetan-themed-attacks-using-pdf-exploits/35465/; https://www.recordedfuture.com/russian-apt-toolkits; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation D
No detection rules found.
No public exploits indexed.
- http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html
- http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html
- http://blogs.mcafee.com/mcafee-labs/digging-into-the-sandbox-escape-technique-of-the-recent-pdf-exploit
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html
- http://rhn.redhat.com/errata/RHSA-2013-0551.html
- http://security.gentoo.org/glsa/glsa-201308-03.xml
- http://www.adobe.com/support/security/advisories/apsa13-02.html
- http://www.adobe.com/support/security/bulletins/apsb13-07.html
- http://www.kb.cert.org/vuls/id/422807
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16296
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0641
2013-02-14: Published
2022-03-03: Added to CISA KEV
Exploited in the wild