CVE-2013-2549 — Code Injection in Adobe Acrobat Reader

CWE-94 — Code Injection5 documents4 sources

Severity

7.5HIGHNVD

EPSS

5.4%

top 9.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Reader

Timeline

PublishedMar 11

Latest updateMay 17

Description

Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox," as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDadobe/acrobat_reader11.0.02

🔴Vulnerability Details

GHSA

GHSA-f39f-hvgr-fwwx: Unspecified vulnerability in Adobe Reader 11↗2022-05-17

▶

📋Vendor Advisories

Red Hat

acroread: Unspecified vulnerability allows remote attackers to execute arbitrary code (CanSecWest 2013)↗2013-03-07

▶

💬Community

Bugzilla

acroread: multiple code execution flaws (APSB13-15)↗2013-05-14

▶

Bugzilla

CVE-2013-2549 acroread: Unspecified vulnerability allows remote attackers to execute arbitrary code (CanSecWest 2013)↗2013-03-11

▶