PT-2013-3832 · Adobe+2 · Reader+2

Published

2013-03-11

Updated

2017-09-19

CVE-2013-2549

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Adobe Reader version 11.0.02

Description The issue allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox". This was demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.

Recommendations For Adobe Reader version 11.0.02, consider disabling the sandbox feature as a temporary workaround until a patch is available. Restrict access to potentially vulnerable modules to minimize the risk of exploitation.

Exploit

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2013-2549

RHSA-2013:0826

RHSA-2013_0826

SUSE-SU-2013_0809-1

ZDI-13-106

Affected Products

Reader

Red Hat

Suse

PT-2013-3832 · Adobe+2 · Reader+2

CVE-2013-2549

Weakness Enumeration

Related Identifiers

Affected Products

References · 105