Vulnerability-Lookup

CVE-2013-0640 (GCVE-0-2013-0640)

Vulnerability from cvelistv5 – Published: 2013-02-14 01:00 – Updated: 2025-10-22 00:05

Summary

Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Assigner

adobe

References

URL

Tags

	http://blogs.adobe.com/psirt/2013/02/adobe-reader…	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/422807	third-party-advisoryx_refsource_CERT-VN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://blog.fireeye.com/research/2013/02/in-turn-…	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://rhn.redhat.com/errata/RHSA-2013-0551.html	vendor-advisoryx_refsource_REDHAT
	http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.adobe.com/support/security/advisories/…	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-201308-03.xml	vendor-advisoryx_refsource_GENTOO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:33:05.574Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html"
          },
          {
            "name": "VU#422807",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/422807"
          },
          {
            "name": "openSUSE-SU-2013:0335",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html"
          },
          {
            "name": "openSUSE-SU-2013:0342",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html"
          },
          {
            "name": "oval:org.mitre.oval:def:16406",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16406"
          },
          {
            "name": "RHSA-2013:0551",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0551.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb13-07.html"
          },
          {
            "name": "SUSE-SU-2013:0349",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/advisories/apsa13-02.html"
          },
          {
            "name": "GLSA-201308-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2013-0640",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T22:05:52.934008Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0640"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T00:05:44.167Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0640"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-03T00:00:00.000Z",
            "value": "CVE-2013-0640 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html"
        },
        {
          "name": "VU#422807",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/422807"
        },
        {
          "name": "openSUSE-SU-2013:0335",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html"
        },
        {
          "name": "openSUSE-SU-2013:0342",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html"
        },
        {
          "name": "oval:org.mitre.oval:def:16406",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16406"
        },
        {
          "name": "RHSA-2013:0551",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0551.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb13-07.html"
        },
        {
          "name": "SUSE-SU-2013:0349",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/advisories/apsa13-02.html"
        },
        {
          "name": "GLSA-201308-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2013-0640",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html",
              "refsource": "CONFIRM",
              "url": "http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html"
            },
            {
              "name": "VU#422807",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/422807"
            },
            {
              "name": "openSUSE-SU-2013:0335",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html"
            },
            {
              "name": "http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html",
              "refsource": "MISC",
              "url": "http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html"
            },
            {
              "name": "openSUSE-SU-2013:0342",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html"
            },
            {
              "name": "oval:org.mitre.oval:def:16406",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16406"
            },
            {
              "name": "RHSA-2013:0551",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0551.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb13-07.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb13-07.html"
            },
            {
              "name": "SUSE-SU-2013:0349",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa13-02.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/advisories/apsa13-02.html"
            },
            {
              "name": "GLSA-201308-03",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2013-0640",
    "datePublished": "2013-02-14T01:00:00.000Z",
    "dateReserved": "2012-12-18T00:00:00.000Z",
    "dateUpdated": "2025-10-22T00:05:44.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2013-0640",
      "cwes": "[\"CWE-787\"]",
      "dateAdded": "2022-03-03",
      "dueDate": "2022-03-24",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-0640",
      "product": "Reader and Acrobat",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution.",
      "vendorProject": "Adobe",
      "vulnerabilityName": "Adobe Reader and Acrobat Memory Corruption Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/422807\", \"name\": \"VU#422807\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html\", \"name\": \"openSUSE-SU-2013:0335\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html\", \"name\": \"openSUSE-SU-2013:0342\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16406\", \"name\": \"oval:org.mitre.oval:def:16406\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\", \"x_transferred\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0551.html\", \"name\": \"RHSA-2013:0551\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb13-07.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html\", \"name\": \"SUSE-SU-2013:0349\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://www.adobe.com/support/security/advisories/apsa13-02.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201308-03.xml\", \"name\": \"GLSA-201308-03\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T14:33:05.574Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2013-0640\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T22:05:52.934008Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0640\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-03-03T00:00:00.000Z\", \"value\": \"CVE-2013-0640 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0640\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T22:05:41.594Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2013-02-12T00:00:00.000Z\", \"references\": [{\"url\": \"http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/422807\", \"name\": \"VU#422807\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html\", \"name\": \"openSUSE-SU-2013:0335\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html\", \"name\": \"openSUSE-SU-2013:0342\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16406\", \"name\": \"oval:org.mitre.oval:def:16406\", \"tags\": [\"vdb-entry\", \"signature\", \"x_refsource_OVAL\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0551.html\", \"name\": \"RHSA-2013:0551\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb13-07.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html\", \"name\": \"SUSE-SU-2013:0349\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://www.adobe.com/support/security/advisories/apsa13-02.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201308-03.xml\", \"name\": \"GLSA-201308-03\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"shortName\": \"adobe\", \"dateUpdated\": \"2017-09-18T12:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html\", \"name\": \"http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/422807\", \"name\": \"VU#422807\", \"refsource\": \"CERT-VN\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html\", \"name\": \"openSUSE-SU-2013:0335\", \"refsource\": \"SUSE\"}, {\"url\": \"http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html\", \"name\": \"http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html\", \"refsource\": \"MISC\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html\", \"name\": \"openSUSE-SU-2013:0342\", \"refsource\": \"SUSE\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16406\", \"name\": \"oval:org.mitre.oval:def:16406\", \"refsource\": \"OVAL\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-0551.html\", \"name\": \"RHSA-2013:0551\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb13-07.html\", \"name\": \"http://www.adobe.com/support/security/bulletins/apsb13-07.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html\", \"name\": \"SUSE-SU-2013:0349\", \"refsource\": \"SUSE\"}, {\"url\": \"http://www.adobe.com/support/security/advisories/apsa13-02.html\", \"name\": \"http://www.adobe.com/support/security/advisories/apsa13-02.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201308-03.xml\", \"name\": \"GLSA-201308-03\", \"refsource\": \"GENTOO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2013-0640\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@adobe.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2013-0640\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-22T00:05:44.167Z\", \"dateReserved\": \"2012-12-18T00:00:00.000Z\", \"assignerOrgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"datePublished\": \"2013-02-14T01:00:00.000Z\", \"assignerShortName\": \"adobe\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTA-2013-ALE-002

Vulnerability from certfr_alerte - Published: 2013-02-14 - Updated: 2013-02-21

Des vulnérabilités affectent les produits Adobe Acrobat et Adobe Reader. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance au moyen d'un fichier PDF spécialement conçu. Elles sont activement exploitées.

Contournement provisoire

Dans le cas où Adobe Reader ou Acrobat ne sont pas nécessaires, il est recommandé de désactiver ces logiciels le temps qu'un correctif soit disponible. L'éditeur prévoie la diffusion d'un correctif de sécurité.

Adobe recommande d'activer le mode de protection Protected View pour rendre plus difficile l'exploitation de ces vulnérabilités.

En plus de la solution de l'éditeur, le CERTA préconise de désactiver JavaScript dans le lecteur PDF et d'utiliser la version « XI » d'Adobe Reader ou Acrobat.

Nous recommandons également de ne pas ouvrir de documents PDF qui ne sont pas de confiance :

issu d'un site Web inconnu ;
en pièce jointe d'un courriel dont l'expéditeur n'est pas connu.

Solution

Installer la dernière version stable de Adobe Reader et Acrobat :

Adobe Reader XI version 11.0.02 pour la branche 11.x
Adobe Reader X version 10.1.6 pour la branche 10.x
Adobe Reader version 9.5.4 pour la branche 9.x
Adobe Acrobat XI version 11.0.02 pour la branche 11.x
Adobe Acrobat X version 10.1.6 pour la branche 10.x
Adobe Acrobat version 9.5.4 pour la branche 9.x

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	Acrobat	Adobe Reader X ( versions 10.1.5 et antérieures ) pour Windows et Macintosh
Adobe	Acrobat	Adobe Reader versions 9.5.3 et antérieures pour Windows et Macintosh
Adobe	Acrobat	Adobe Acrobat X ( versions 10.1.5 et antérieures ) pour Windows et Macintosh
Adobe	Acrobat	Adobe Acrobat versions 9.5.3 et antérieures pour Windows et Macintosh
Adobe	Acrobat	Adobe Reader XI ( versions 11.0.01 et antérieures ) pour Windows et Macintosh
Adobe	Acrobat	Adobe Acrobat XI ( versions 11.0.01 et antérieures ) pour Windows et Macintosh

References

Title

Publication Time

FKIE_CVE-2013-0640

Vulnerability from fkie_nvd - Published: 2013-02-14 01:55 - Updated: 2025-10-22 01:15

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@adobe.com	http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html	Broken Link
psirt@adobe.com	http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html	Broken Link
psirt@adobe.com	http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html	Mailing List, Third Party Advisory
psirt@adobe.com	http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html	Mailing List, Third Party Advisory
psirt@adobe.com	http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html	Mailing List, Third Party Advisory
psirt@adobe.com	http://rhn.redhat.com/errata/RHSA-2013-0551.html	Third Party Advisory
psirt@adobe.com	http://security.gentoo.org/glsa/glsa-201308-03.xml	Third Party Advisory
psirt@adobe.com	http://www.adobe.com/support/security/advisories/apsa13-02.html	Vendor Advisory
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb13-07.html	Broken Link
psirt@adobe.com	http://www.kb.cert.org/vuls/id/422807	Third Party Advisory, US Government Resource
psirt@adobe.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16406	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-0551.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201308-03.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/advisories/apsa13-02.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb13-07.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/422807	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16406	Broken Link
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0640

Impacted products

Vendor	Product	Version
adobe	acrobat	*
adobe	acrobat	*
adobe	acrobat	*
adobe	acrobat_reader	*
adobe	acrobat_reader	*
apple	mac_os_x	-
microsoft	windows	-
opensuse	opensuse	11.4
opensuse	opensuse	12.1
suse	linux_enterprise_desktop	10
suse	linux_enterprise_desktop	11
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_eus	5.9
redhat	enterprise_linux_eus	6.4
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server_aus	5.9
redhat	enterprise_linux_server_aus	6.4
redhat	enterprise_linux_workstation	6.0
adobe	acrobat_reader	*
apple	mac_os_x	-
linux	linux_kernel	-
microsoft	windows	-

JSON

To clipboard

{
  "cisaActionDue": "2022-03-24",
  "cisaExploitAdd": "2022-03-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Adobe Reader and Acrobat Memory Corruption Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFEFA0B2-BC74-4706-8355-865FB53841EC",
              "versionEndExcluding": "9.5.4",
              "versionStartIncluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E00254C1-A91A-4BF0-B166-37AE5CCAE32F",
              "versionEndExcluding": "10.1.6",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFE7F2ED-DDCB-4DE1-A766-FADE13F249C9",
              "versionEndExcluding": "11.0.02",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4464ED3-7FC8-43D7-B596-59AD6E4D867F",
              "versionEndExcluding": "10.1.6",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC0644C6-8AC7-41B2-A32F-D7D5C534BD5C",
              "versionEndExcluding": "11.0.02",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*",
              "matchCriteriaId": "4339DE06-19FB-4B8E-B6AE-3495F605AD05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A8E07B7-3739-4BEB-88F8-C7F62431E889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF83BB87-B203-48F9-9D06-48A5FE399050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCCCCCC1-DC4F-4FE8-9205-35C6C12552B4",
              "versionEndExcluding": "9.5.4",
              "versionStartIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Adobe Reader y Acrobat v9.x a trav\u00e9s de v9.5.3, v10.x trav\u00e9s v10.1.5, v11.0.1 y v11.x mediante, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento PDF manipulado, explotada libremente en febrero de 2013, una vulnerabilidad diferente a CVE-2013-0641."
    }
  ],
  "id": "CVE-2013-0640",
  "lastModified": "2025-10-22T01:15:47.340",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2013-02-14T01:55:02.023",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0551.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/advisories/apsa13-02.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb13-07.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/422807"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16406"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0551.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/advisories/apsa13-02.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb13-07.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/422807"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16406"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0640"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GSD-2013-0640

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-0640

Aliases

CVE-2013-0640

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-0640",
    "description": "Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.",
    "id": "GSD-2013-0640",
    "references": [
      "https://www.suse.com/security/cve/CVE-2013-0640.html",
      "https://access.redhat.com/errata/RHSA-2013:0551"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-0640"
      ],
      "details": "Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.",
      "id": "GSD-2013-0640",
      "modified": "2023-12-13T01:22:14.528515Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2013-0640",
      "dateAdded": "2022-03-03",
      "dueDate": "2022-03-24",
      "product": "Reader and Acrobat",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution.",
      "vendorProject": "Adobe",
      "vulnerabilityName": "Adobe Reader and Acrobat Memory Corruption Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2013-0640",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html",
            "refsource": "CONFIRM",
            "url": "http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html"
          },
          {
            "name": "VU#422807",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/422807"
          },
          {
            "name": "openSUSE-SU-2013:0335",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html"
          },
          {
            "name": "http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html",
            "refsource": "MISC",
            "url": "http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html"
          },
          {
            "name": "openSUSE-SU-2013:0342",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html"
          },
          {
            "name": "oval:org.mitre.oval:def:16406",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16406"
          },
          {
            "name": "RHSA-2013:0551",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0551.html"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb13-07.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb13-07.html"
          },
          {
            "name": "SUSE-SU-2013:0349",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html"
          },
          {
            "name": "http://www.adobe.com/support/security/advisories/apsa13-02.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/advisories/apsa13-02.html"
          },
          {
            "name": "GLSA-201308-03",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:10.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:10.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:10.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:10.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:10.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:10.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:10.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:10.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:11.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.5:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.4:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3:-:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1:-:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.2:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.2:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.4:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.2:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.3:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.3:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.6:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.0:-:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:10.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:10.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:10.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:10.0:-:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:10.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:10.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:10.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:10.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:10.0.1:-:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:10.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:acrobat:11.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2013-0640"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html"
            },
            {
              "name": "http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa13-02.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.adobe.com/support/security/advisories/apsa13-02.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb13-07.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.adobe.com/support/security/bulletins/apsb13-07.html"
            },
            {
              "name": "openSUSE-SU-2013:0342",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html"
            },
            {
              "name": "SUSE-SU-2013:0349",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html"
            },
            {
              "name": "openSUSE-SU-2013:0335",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html"
            },
            {
              "name": "RHSA-2013:0551",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0551.html"
            },
            {
              "name": "GLSA-201308-03",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
            },
            {
              "name": "VU#422807",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/422807"
            },
            {
              "name": "oval:org.mitre.oval:def:16406",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16406"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-19T01:35Z",
      "publishedDate": "2013-02-14T01:55Z"
    }
  }
}

GHSA-5MVV-QMF3-7P25

Vulnerability from github – Published: 2022-05-17 00:57 – Updated: 2025-10-22 03:30

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-0640"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-02-14T01:55:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.",
  "id": "GHSA-5mvv-qmf3-7p25",
  "modified": "2025-10-22T03:30:33Z",
  "published": "2022-05-17T00:57:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0640"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16406"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0640"
    },
    {
      "type": "WEB",
      "url": "http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html"
    },
    {
      "type": "WEB",
      "url": "http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0551.html"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/advisories/apsa13-02.html"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb13-07.html"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/422807"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-0640 (GCVE-0-2013-0640)

CERTA-2013-ALE-002

Contournement provisoire

Solution

FKIE_CVE-2013-0640

GSD-2013-0640

GHSA-5MVV-QMF3-7P25

Tags

Sightings

Nomenclature