CVE-2013-3346
Vexday Risk Score
100 · Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.8 · EPSS 78.6% · KEV yes · PoC public · Nuclei — · Metasploit yes · Patch —
Lifecycle
08 Aug 2013 · Metasploit module available
30 Aug 2013 · Published on NVD
17 Dec 2013 · Public PoC
03 Mar 2022 · Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
Adobe Reader and Acrobat versions 9, 10, and 11 contain a memory corruption flaw that allows attackers to run malicious code or crash the application by opening a specially crafted document. This is a critical vulnerability because these are widely used applications for viewing PDF files.
Technical detail
Out-of-bounds write vulnerability (CWE-787) in Adobe Reader/Acrobat 9.x, 10.x, and 11.x triggered via unspecified vectors in PDF processing. Exploitation requires user interaction (opening a malicious PDF), but results in arbitrary code execution with application privileges or denial of service through memory corruption.
Summary generated and translated by AI from the official description.
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found — 1
exploitdb · www.exploit-db.com/exploits/30394 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.