The 2013 Pwnie Winner For Best Client-Side Bug

Adobe Reader Buffer Overflow and Sandbox Escape (CVE-2013-0641)

Credit: Unknown

Just in time for last Valentine’s day, FireEye found a sophisticated PDF attack in the wild that exploited Adobe Reader and escaped its sandbox. This exploit wanted to show its love for clipboard buffer lengths all in a pure-ROP payload.