CyberSec.Space Logo
返回 CVE 浏览器

CVE-2013-0641

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score53.8320%
EPSS Percentile95.98th
Published2013年2月14日
Last Modified2026年4月21日

Vulnerability Description

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.

Affected Platforms (CPE)

📦
Adobe

Acrobat

>= 9.0 and < 9.5.4
📦
Adobe

Acrobat

>= 10.0 and < 10.1.6
📦
Adobe

Acrobat

>= 11.0 and < 11.0.02
📦
Adobe

Acrobat Reader

>= 10.0 and < 10.1.6
📦
Adobe

Acrobat Reader

>= 11.0 and < 11.0.02
📦
Adobe

Acrobat Reader

>= 9.0 and < 9.5.4
💻
Redhat

Enterprise Linux Desktop

= 6.0
💻
Redhat

Enterprise Linux Eus

= 5.9
💻
Redhat

Enterprise Linux Eus

= 6.4
💻
Redhat

Enterprise Linux Server

= 6.0
💻
Redhat

Enterprise Linux Server Aus

= 5.9
💻
Redhat

Enterprise Linux Server Aus

= 6.4
💻
Redhat

Enterprise Linux Workstation

= 6.0
💻
Opensuse

Opensuse

= 11.4
💻
Opensuse

Opensuse

= 12.1
💻
Suse

Linux Enterprise Desktop

= 10
💻
Suse

Linux Enterprise Desktop

= 11

References & Advisories

🔗 http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html
🔗 http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html
🔗 http://blogs.mcafee.com/mcafee-labs/digging-into-the-sandbox-escape-technique-of-the-recent-pdf-exploit
🔗 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html
🔗 http://rhn.redhat.com/errata/RHSA-2013-0551.html
🔗 http://security.gentoo.org/glsa/glsa-201308-03.xml

相关漏洞威胁

CVE-2004-063110.0

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions...

CVE-2004-115210.0

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary c...

CVE-2004-063010.0

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those bef...

CVE-2004-115310.0

Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (appl...