CVE-2013-0641
KEV
🔴 Łataj teraz
Przepełnienie bufora w Adobe Reader i Acrobat umożliwia zdalne wykonanie kodu przez złośliwy PDF.
CVSS
7.8
EPSS
88.0%
Exploit
weaponized
Vendor
redhat
Opis źródłowy (NVD)
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.
buffer-overflow
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 7.8 |
| CISA KEV (aktywnie wykorzystywane) | Tak |
| FIRST EPSS (prawdopodobieństwo exploita) | 88.0% |
| Opublikowano (NVD) | 2013-02-14 01:55:02 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-21 21:01:28 UTC |
Referencje
- http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html (psirt@adobe.com) [Broken Link]
- http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html (psirt@adobe.com) [Broken Link, Vendor Advisory]
- http://blogs.mcafee.com/mcafee-labs/digging-into-the-sandbox-escape-technique-of-the-recent-pdf-exploit (psirt@adobe.com) [Broken Link]
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html (psirt@adobe.com) [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html (psirt@adobe.com) [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html (psirt@adobe.com) [Mailing List, Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2013-0551.html (psirt@adobe.com) [Third Party Advisory]
- http://security.gentoo.org/glsa/glsa-201308-03.xml (psirt@adobe.com) [Third Party Advisory]
- http://www.adobe.com/support/security/advisories/apsa13-02.html (psirt@adobe.com) [Vendor Advisory]
- http://www.adobe.com/support/security/bulletins/apsb13-07.html (psirt@adobe.com) [Broken Link]
- http://www.kb.cert.org/vuls/id/422807 (psirt@adobe.com) [Third Party Advisory, US Government Resource]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16296 (psirt@adobe.com) [Broken Link]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0641 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]