CVE-2013-0641
Published: 14 February 2013
Summary
CVE-2013-0641 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Adobe Acrobat. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 0.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2013-0641 is a buffer overflow vulnerability, tracked as CWE-120, that affects Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02. It received a CVSS 3.1 score of 7.8, reflecting a local attack vector, low attack complexity, no privileges required, and required user interaction, with high impact on confidentiality, integrity, and availability.
Remote attackers can exploit the flaw by supplying a crafted PDF document that triggers the overflow, resulting in arbitrary code execution on the target system. The vulnerability was exploited in the wild in February 2013.
Adobe PSIRT and distribution vendors such as openSUSE published advisories directing users to apply the fixed versions 9.5.4, 10.1.6, and 11.0.02. Analyses from FireEye and McAfee detail sandbox escape techniques observed in the February 2013 attacks.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2013-0652
Vulnerability details
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.
- CWE(s)
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
Directly requires timely application of the vendor patches (9.5.4/10.1.6/11.0.02) that eliminate the buffer-overflow flaw in PDF parsing.
Enforces memory-protection mechanisms (ASLR, DEP, etc.) that block exploitation of the CWE-120 buffer overflow before arbitrary code can execute.
Malicious-code detection on PDF files can identify or block the crafted documents used to trigger CVE-2013-0641.