BID:58568

Adobe Reader and Acrobat CVE-2013-2550 Use After Free Remote Code Execution Vulnerability

Info

Adobe Reader and Acrobat CVE-2013-2550 Use After Free Remote Code Execution Vulnerability

Bugtraq ID:	58568
Class:	Unknown
CVE:	CVE-2013-2550
Remote:	Yes
Local:	No
Published:	Mar 07 2013 12:00AM
Updated:	Mar 19 2015 09:18AM
Credit:	George Hotz
Vulnerable:	SuSE SUSE Linux Enterprise Desktop 11 SP2 + Linux kernel 2.6.5 SuSE SUSE Linux Enterprise Desktop 10 SP4 + Linux kernel 2.6.5 SuSE openSUSE 11.4 Gentoo Linux

Not Vulnerable:

Discussion

Adobe Reader and Acrobat CVE-2013-2550 Use After Free Remote Code Execution Vulnerability

Adobe Reader and Acrobat are prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

Exploit / POC

Adobe Reader and Acrobat CVE-2013-2550 Use After Free Remote Code Execution Vulnerability

Exploitation of this issue was demonstrated at the Pwn2Own contest, but the exploit is not publicly available.

Solution / Fix

Adobe Reader and Acrobat CVE-2013-2550 Use After Free Remote Code Execution Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Adobe Reader and Acrobat CVE-2013-2550 Use After Free Remote Code Execution Vulnerability

References:

Acrobat Homepage (Adobe)
Adobe Homepage (Adobe)
Adobe Reader Homepage (Adobe)
Pwn2Own 2013 (HP)
(Pwn2Own) Adobe Reader Sandbox Bypass Remote Code Execution Vulnerability (Zero Day Initiative )
APSB13-15: Security updates available for Adobe Reader and Acrobat (Adobe)
openSUSE Security Update: acroread to 9.5.5 (opensuse)