
CVE-2013-0640

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 14 February 2013
Modified: 21 April 2026
KEV Added: 03 March 2022
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.9225 (99.7th percentile)
Risk Priority: 91 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2013-0640 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Adobe Acrobat. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

Adobe Reader and Acrobat versions 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 contain a memory corruption vulnerability tracked as CVE-2013-0640 and classified as CWE-787 (Out-of-bounds Write). The flaw is triggered by a crafted PDF document and can result in arbitrary code execution or a denial of service condition. The issue received a CVSS 3.1 base score of 7.8 with the attack vector rated as local (AV:L): the malicious document is typically delivered remotely, but the corruption only occurs when a user opens the file on the affected system (UI:R).

Remote attackers can deliver the malicious PDF to a target system and achieve code execution or a crash when the document is opened. Exploitation requires user interaction to open the file, after which the attacker gains the ability to run arbitrary code in the context of the affected application.

Adobe security advisories and corresponding distribution announcements direct users to apply the fixed versions 9.5.4, 10.1.6, or 11.0.02. OpenSUSE and other vendors released updated packages that incorporate these patches.

The vulnerability was exploited in the wild in February 2013, with public reporting confirming active attacks against Adobe Reader and Acrobat users at that time.


Vulnerability details

Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.

CWE(s): CWE-787 (Out-of-bounds Write)
KEV Date Added: 03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

adobe / acrobat: 9.0 — 9.5.4 · 10.0 — 10.1.6 · 11.0 — 11.0.02
adobe / acrobat reader: 9.0 — 9.5.4 · 10.0 — 10.1.6 · 11.0 — 11.0.02
opensuse / opensuse: 11.4, 12.1
suse / linux enterprise desktop: 10, 11
redhat / enterprise linux desktop: 6.0
redhat / enterprise linux eus: 5.9, 6.4
redhat / enterprise linux server: 6.0
redhat / enterprise linux server aus: 5.9, 6.4
redhat / enterprise linux workstation: 6.0

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Directly requires applying the vendor patches that remediate the memory-corruption flaw in Adobe Reader/Acrobat, i.e. updating to versions 9.5.4, 10.1.6, or 11.0.02.

SI-3 Malicious Code Protection (prevent, detect)

Malicious-code protection mechanisms can inspect or sandbox incoming PDF documents before they reach the vulnerable Acrobat/Reader process.

AC-6 Least Privilege (prevent)

Running Acrobat/Reader under least-privilege accounts limits the impact of arbitrary code execution that results from successful exploitation of the crafted PDF.
