CVE-2013-1607
Published 2020-02-11
CVE-2013-1607: Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability
Priority P3 · 54 · critical · 9.8 · CVSS 3.1
AV:N · AC:L · PR:N · UI:N · S:U · C:H · I:H · A:H
EPSS
2.67%
83.9th percentile
Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pdfkit_project | pdfkit | < 0.5.3 | 0.5.3 |
| pdfkit_project | pdfkit | >= 0 < 0.5.3 | 0.5.3 |
CVSS provenance
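| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| cisa | | 7.8 | HIGH | |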
OSV
PDFKit Improper Input Validation vulnerability
osv·2022-05-05
CVE-2013-1607 [CRITICAL] PDFKit Improper Input Validation vulnerability
Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability
GHSA
PDFKit Improper Input Validation vulnerability
ghsa·2022-05-05
CVE-2013-1607 [CRITICAL] CWE-20 PDFKit Improper Input Validation vulnerability
Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability
CISA
Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
cisa·2022-03-03·CVSS 7.8
CVE-2017-8540 [HIGH] CWE-119 Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
Vulnerability: Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
Affected: Microsoft Malware Protection Engine
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-8540
Remediation Due Date: 2022-03-24
No detection rules found.
No public exploits indexed.
Published: 2020-02-11