CVE-2013-2729

critical-risk
Published 2013-05-16

Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727.

Do I need to act?

!
89.5% chance of exploitation in next 30 days
EPSS score — higher than 10% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
1 public exploit available
26703
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (11)

Affected Vendors

Adobe Redhat Suse

References (12)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html
Third Party Advisory http://rhn.redhat.com/errata/RHSA-2013-0826.html
Third Party Advisory http://security.gentoo.org/glsa/glsa-201308-03.xml
Not Applicable http://www.adobe.com/support/security/bulletins/apsb13-15.html
Broken Link https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3...
Mailing List http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html
Third Party Advisory http://rhn.redhat.com/errata/RHSA-2013-0826.html
Third Party Advisory http://security.gentoo.org/glsa/glsa-201308-03.xml
Not Applicable http://www.adobe.com/support/security/bulletins/apsb13-15.html
Broken Link https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3...
https://github.com/cisagov/vulnrichment/issues/199
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-...
75
/ 100
critical-risk
Severity 32/34 · Critical
Exploitability 27/34 · High
Exposure 16/34 · Moderate