CVE-2013-2549

Adobe Reader Sandbox Bypass Remote Code Execution Vulnerability

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox," as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.

Vulnerabilidad no especificada en Adobe Reader v11.0.02 permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados con "break into the sandbox", como demostró George Hotz durante la competición Pwn2Own en CanSecWest 2013.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of regular expressions. The issue lies in the ability to leak addresses by popping more items off of the stack than intended. An attacker can leverage this to execute code under the context of the current user.

*Credits: George Hotz

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-03-10 CVE Reserved
2013-03-11 CVE Published
2023-03-07 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')

CAPEC

References (9)

URL	Tag	Source
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157	X_refsource_misc
http://twitter.com/thezdi/statuses/309771882612281344	X_refsource_misc
http://www.adobe.com/support/security/bulletins/apsb13-15.html	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16809	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html	2017-09-19
http://rhn.redhat.com/errata/RHSA-2013-0826.html	2017-09-19
http://security.gentoo.org/glsa/glsa-201308-03.xml	2017-09-19
https://access.redhat.com/security/cve/CVE-2013-2549	2013-05-15
https://bugzilla.redhat.com/show_bug.cgi?id=920180	2013-05-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Adobe Search vendor "Adobe"		Acrobat Reader Search vendor "Adobe" for product "Acrobat Reader"				11.0.02 Search vendor "Adobe" for product "Acrobat Reader" and version "11.0.02"		-		Affected