Vulnerabilities > CVE-2013-2550 - Use After Free Remote Code Execution vulnerability in Adobe Acrobat Reader 11.0.02

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
adobe
nessus
NVD
Published: 2013-03-11
Updated: 2017-09-19

Summary

Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to bypass the sandbox protection mechanism via unknown vectors, as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.

Vulnerable Configurations

Part Description Count
Application
Adobe
1

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_ADOBE_READER_APSB13-15.NASL
    descriptionThe version of Adobe Reader installed on the remote Mac OS X host is prior to 11.0.3, 10.1.7, or 9.5.5. It is, therefore, affected by the following vulnerabilities : - Unspecified memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3346) - An integer underflow condition exists that allows an attacker to execute arbitrary code. (CVE-2013-2549) - A use-after-free error exists that allows an attacker to bypass the Adobe Reader
    last seen2020-06-01
    modified2020-06-02
    plugin id66411
    published2013-05-14
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66411
    titleAdobe Reader < 11.0.3 / 10.1.7 / 9.5.5 Multiple Vulnerabilities (APSB13-15) (Mac OS X)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201308-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201308-03 (Adobe Reader: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Reader. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted PDF file, possibly resulting in arbitrary code execution or a Denial of Service condition. A local attacker could gain privileges via unspecified vectors. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id69454
    published2013-08-23
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69454
    titleGLSA-201308-03 : Adobe Reader: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_ACROREAD-8571.NASL
    descriptionAcrobat Reader has been updated to version 9.5.5. The Adobe Advisory can be found at: https://www.adobe.com/support/security/bulletins/apsb13-15.html These updates resolve - memory corruption vulnerabilities that could lead to code execution. (CVE-2013-2718 / CVE-2013-2719 / CVE-2013-2720 / CVE-2013-2721 / CVE-2013-2722 / CVE-2013-2723 / CVE-2013-2725 / CVE-2013-2726 / CVE-2013-2731 / CVE-2013-2732 / CVE-2013-2734 / CVE-2013-2735 / CVE-2013-2736 / CVE-2013-3337 / CVE-2013-3338 / CVE-2013-3339 / CVE-2013-3340 / CVE-2013-3341) - an integer underflow vulnerability that could lead to code execution. (CVE-2013-2549) - a use-after-free vulnerability that could lead to a bypass of Adobe Reader
    last seen2020-06-05
    modified2013-05-19
    plugin id66506
    published2013-05-19
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66506
    titleSuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 8571)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_ACROREAD-130516.NASL
    descriptionAcrobat Reader has been updated to version 9.5.5. The Adobe Advisory can be found at: https://www.adobe.com/support/security/bulletins/apsb13-15.html These updates resolve : - memory corruption vulnerabilities that could lead to code execution. (CVE-2013-2718 / CVE-2013-2719 / CVE-2013-2720 / CVE-2013-2721 / CVE-2013-2722 / CVE-2013-2723 / CVE-2013-2725 / CVE-2013-2726 / CVE-2013-2731 / CVE-2013-2732 / CVE-2013-2734 / CVE-2013-2735 / CVE-2013-2736 / CVE-2013-3337 / CVE-2013-3338 / CVE-2013-3339 / CVE-2013-3340 / CVE-2013-3341) - an integer underflow vulnerability that could lead to code execution. (CVE-2013-2549) - a use-after-free vulnerability that could lead to a bypass of Adobe Reader
    last seen2020-06-05
    modified2013-05-19
    plugin id66505
    published2013-05-19
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66505
    titleSuSE 11.2 Security Update : Acrobat Reader (SAT Patch Number 7734)
  • NASL familyWindows
    NASL idADOBE_ACROBAT_APSB13-15.NASL
    descriptionThe version of Adobe Acrobat installed on the remote host is earlier than 11.0.3 / 10.1.7 / 9.5.5. It is, therefore, affected by multiple vulnerabilities : - Unspecified memory corruption vulnerabilities exist that could lead to code execution. (CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3346) - An integer underflow error exists that could lead to code execution. (CVE-2013-2549) - A use-after-free error exists that could lead to a bypass of Adobe Reader
    last seen2020-06-01
    modified2020-06-02
    plugin id66409
    published2013-05-14
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66409
    titleAdobe Acrobat < 11.0.3 / 10.1.7 / 9.5.5 Multiple Vulnerabilities (APSB13-15)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-437.NASL
    descriptionAcroread was updated to 9.5.5 for bnc#819918(swampid#52449). More information can be found on: https://www.adobe.com/support/security/bulletins/apsb13-15.html (CVE-2013-2549, CVE-2013-2550, CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725, CVE-2013-2726, CVE-2013-2727, CVE-2013-2729, CVE-2013-2730, CVE-2013-2731, CVE-2013-2732, CVE-2013-2733, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-2737, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3342)
    last seen2020-06-05
    modified2014-06-13
    plugin id75008
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75008
    titleopenSUSE Security Update : acroread (openSUSE-SU-2013:0990-1)
  • NASL familyWindows
    NASL idADOBE_READER_APSB13-15.NASL
    descriptionThe version of Adobe Reader installed on the remote host is earlier than 11.0.3 / 10.1.7 / 9.5.5. It is, therefore, affected by multiple vulnerabilities : - Unspecified memory corruption vulnerabilities exist that could lead to code execution. (CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3346) - An integer underflow error exists that could lead to code execution. (CVE-2013-2549) - A use-after-free error exists that could lead to a bypass of Adobe Reader
    last seen2020-06-01
    modified2020-06-02
    plugin id66410
    published2013-05-14
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66410
    titleAdobe Reader < 11.0.3 / 10.1.7 / 9.5.5 Multiple Vulnerabilities (APSB13-15)

Oval

accepted2013-07-22T04:00:20.616-04:00
classvulnerability
contributors
nameSergey Artykhov
organizationALTX-SOFT
definition_extensions
commentAdobe Reader 11.x is installed
ovaloval:org.mitre.oval:def:16400
descriptionUnspecified vulnerability in Adobe Reader 11.0.02 allows attackers to bypass the sandbox protection mechanism via unknown vectors, as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.
familywindows
idoval:org.mitre.oval:def:15992
statusaccepted
submitted2013-06-13T16:31:26.748+04:00
titleUnspecified vulnerability in Adobe Reader 11.0.02 allows attackers to bypass the sandbox protection mechanism via unknown vectors, as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.
version4

References