Lucene search

[email protected]CVE-2013-0641

HistoryFeb 14, 2013 - 1:55 a.m.

CVE-2013-0641

2013-02-1401:55:02

CWE-120

[email protected]

web.nvd.nist.gov

851

In Wild

cve-2013-0641

buffer overflow

adobe reader

adobe acrobat

remote code execution

pdf document

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

0.814

Percentile

98.4%

JSON

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.

Affected configurations

NVD

Node

adobeacrobatRange9.0–9.5.4

adobeacrobatRange10.0–10.1.6

adobeacrobatRange11.0–11.0.02

adobeacrobat_readerRange10.0–10.1.6

adobeacrobat_readerRange11.0–11.0.02

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeacrobat_readerRange9.0–9.5.4

AND

linuxlinux_kernelMatch-

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch5.9

redhatenterprise_linux_eusMatch6.4

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_ausMatch5.9

redhatenterprise_linux_server_ausMatch6.4

redhatenterprise_linux_workstationMatch6.0

Node

opensuseopensuseMatch11.4

opensuseopensuseMatch12.1

suselinux_enterprise_desktopMatch10sp4-

suselinux_enterprise_desktopMatch11sp2

References

blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html

blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html

blogs.mcafee.com/mcafee-labs/digging-into-the-sandbox-escape-technique-of-the-recent-pdf-exploit

lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html

lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html

lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html

rhn.redhat.com/errata/RHSA-2013-0551.html

security.gentoo.org/glsa/glsa-201308-03.xml

www.adobe.com/support/security/advisories/apsa13-02.html

www.adobe.com/support/security/bulletins/apsb13-07.html

www.kb.cert.org/vuls/id/422807

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16296

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

0.814

Percentile

98.4%

JSON

Related for CVE-2013-0641

nvd1 symantec1 cvelist1 cisa_kev1 prion1 threatpost3 attackerkb1 ubuntucve1 openvas12 nessus10 redhat1 thn2 carbonblack1 suse4 cisa1 cert1 securityvulns1 gentoo1