CVE-2013-0640
Published: 14 February 2013
Summary
CVE-2013-0640 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Adobe Reader and Acrobat. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
Adobe Reader and Acrobat versions 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 contain a memory corruption vulnerability tracked as CVE-2013-0640 and classified as CWE-787 (Out-of-bounds Write). The flaw is triggered by a crafted PDF document and can result in arbitrary code execution or a denial of service. The CVSS 3.1 base score is 7.8 (High); the attack vector is rated Local because the crafted file must be opened on the victim's machine, so user interaction is required.
An attacker delivers the crafted PDF to the target system; when the victim opens it, the attacker either crashes the application or gains the ability to run arbitrary code in the security context of the Reader/Acrobat process.
Adobe security advisories and the corresponding Linux distribution announcements direct users to apply the fixed versions 9.5.4, 10.1.6, or 11.0.02. openSUSE and other vendors released updated packages that incorporate these fixes.
The vulnerability was exploited in the wild in February 2013, with public reporting confirming active attacks against Adobe Reader and Acrobat users at that time.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2013-0651
Vulnerability details
Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.
- CWE(s): CWE-787 (Out-of-bounds Write)
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires applying the vendor patches that remediate the memory-corruption flaw, i.e. upgrading Adobe Reader/Acrobat to 9.5.4, 10.1.6, or 11.0.02 (or later within each branch).
- SI-3 (Malicious Code Protection): malicious-code protection mechanisms can inspect or sandbox incoming PDF documents before they reach the vulnerable Acrobat/Reader process.
- AC-6 (Least Privilege): running Acrobat/Reader under least-privilege accounts limits the impact of the arbitrary code execution that follows successful exploitation of the crafted PDF.
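The SI-2 control above and the fixed-version list in the "Deeper analysis" section both reduce to one check: is an installed Reader/Acrobat build below the fix for its branch? The script below is an added example, not tooling from this page or from Adobe; the inventory rows (host, product, version string) are constructed sample data, and the three fixed versions are the ones the advisory text gives. The comparison is numeric per component rather than string-based, which matters because a string compare would wrongly rank "9.5.10" below "9.5.4".

```python
"""Flag Adobe Reader/Acrobat installs still exposed to CVE-2013-0640.

Added example (not from the page or from Adobe). The inventory format
(host, product, version string) is an assumption; the fixed versions are
the ones the advisory gives per affected branch.
"""
from __future__ import annotations

# Fixed versions per affected major branch, from the advisory text.
FIXED_VERSIONS = {
    9: (9, 5, 4),
    10: (10, 1, 6),
    11: (11, 0, 2),
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '11.0.02' into (11, 0, 2); reject anything non-numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str) -> bool | None:
    """True if the version is in an affected branch and below its fix,
    False if it is at or above the fix, None if the branch is not one the
    advisory covers (so this check cannot say anything about it)."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[0])
    if fixed is None:
        return None
    # Pad to three components so '11.0' compares as (11, 0, 0).
    # Tuple comparison is numeric per component: (9, 5, 10) > (9, 5, 4),
    # whereas the strings "9.5.10" < "9.5.4" would give the wrong answer.
    padded = tuple(list(v[:3]) + [0] * (3 - len(v[:3])))
    return padded < fixed


def triage(inventory):
    """Group inventory rows by patch status for CVE-2013-0640."""
    report = {"vulnerable": [], "patched": [], "not_covered": []}
    for host, product, version in inventory:
        status = is_vulnerable(version)
        if status is None:
            key = "not_covered"
        elif status:
            key = "vulnerable"
        else:
            key = "patched"
        report[key].append((host, product, version))
    return report


# Constructed sample inventory; hosts and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("ws-01", "Adobe Reader", "11.0.01"),
    ("ws-02", "Adobe Reader", "11.0.02"),
    ("ws-03", "Adobe Acrobat", "10.1.6"),
    ("ws-04", "Adobe Acrobat", "10.1.5"),
    ("ws-05", "Adobe Reader", "9.5.3"),
    ("ws-06", "Adobe Reader", "9.5.10"),
    ("ws-07", "Adobe Reader", "12.0.0"),
]

if __name__ == "__main__":
    for status, rows in triage(SAMPLE_INVENTORY).items():
        for host, product, version in rows:
            print(f"{status:12} {host} {product} {version}")
```

Feed the same function a real inventory (for example, versions read from the Windows uninstall registry keys or from a package manager) and treat every "vulnerable" row as an SI-2 finding; "not_covered" rows are branches the advisory does not mention and need a separate check against their own advisories rather than being assumed safe.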