Cyber Resilience

CVE-2013-0641

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 14 February 2013

Modified: 21 April 2026
KEV Added: 03 March 2022
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.8796 (99.5th percentile)
Risk Priority: 88 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2013-0641 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Adobe Acrobat. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 0.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2013-0641 is a buffer overflow vulnerability, tracked as CWE-120, that affects Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02. It received a CVSS 3.1 score of 7.8, reflecting a local attack vector, low attack complexity, no privileges required, and required user interaction, with high impact on confidentiality, integrity, and availability.

Remote attackers can exploit the flaw by supplying a crafted PDF document that triggers the overflow, resulting in arbitrary code execution on the target system. The vulnerability was exploited in the wild in February 2013.

Adobe PSIRT and distribution vendors such as openSUSE published advisories directing users to apply the fixed versions 9.5.4, 10.1.6, and 11.0.02. Analyses from FireEye and McAfee detail sandbox escape techniques observed in the February 2013 attacks.

Vulnerability details

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.

CWE(s): CWE-120
KEV Date Added: 03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

adobe / acrobat: 9.0 — 9.5.4 · 10.0 — 10.1.6 · 11.0 — 11.0.02
adobe / acrobat reader: 10.0 — 10.1.6 · 11.0 — 11.0.02 · 9.0 — 9.5.4
redhat / enterprise linux desktop: 6.0
redhat / enterprise linux eus: 5.9, 6.4
redhat / enterprise linux server: 6.0
redhat / enterprise linux server aus: 5.9, 6.4
redhat / enterprise linux workstation: 6.0
opensuse / opensuse: 11.4, 12.1
suse / linux enterprise desktop: 10, 11

Mitigating Controls (NIST 800-53 r5)

prevent: Directly requires timely application of the vendor patches (9.5.4/10.1.6/11.0.02) that eliminate the buffer-overflow flaw in PDF parsing.

prevent: Enforces memory-protection mechanisms (ASLR, DEP, etc.) that block exploitation of the CWE-120 buffer overflow before arbitrary code can execute.

prevent, detect: Malicious-code detection on PDF files can identify or block the crafted documents used to trigger CVE-2013-0641.
