Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-2730Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents6 sources
Severity
10.0CRITICALNVD
EPSS
79.6%
top 0.91%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedMay 16
Latest updateMay 17

Description

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2733.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDadobe/acrobat_reader38 versions+37
NVDadobe/acrobat38 versions+37

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-43p2-q7g7-857m: Buffer overflow in Adobe Reader and Acrobat 92022-05-17
GHSA
GHSA-qw7w-hcqx-mmvj: Buffer overflow in Adobe Reader and Acrobat 92022-05-17

💥Exploits & PoCs

2
Exploit-DB
AdobeCollabSync - Local Buffer Overflow / Adobe Reader X Sandbox Bypass (Metasploit)2013-05-26
Metasploit
AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass

📋Vendor Advisories

2
Red Hat
acroread: multiple code execution flaws (APSB13-15)2013-05-14
Red Hat
acroread: multiple code execution flaws (APSB13-15)2013-05-14

💬Community

2
Bugzilla
acroread: multiple code execution flaws (APSB13-15)2013-05-14
Bugzilla
Spring Framework: Remote code execution with Expression Language injection2013-01-18
CVE-2013-2730 — Adobe Acrobat vulnerability | cvebase