I've found a trojan "Exploit.CVE-2013-0028" on my iMac. What damage could it have done?

That's a Windows virus that must only show up if you have Internet Explorer 6 to 9. See > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0028

Have you got Windows on your Mac? That only appears with Windows systems, and it's a critical bug, so start into Windows and install all available updates with Windows Update, and that security bug will be removed. It's a so dangerous virus for Windows, so after installing the update, install an antivirus in Windows (like Microsoft Security Essentials) and delete the virus

Looking to the directory where it's stored, I think it's a "false positive". You visited a website (and saved it into Reading List) that may contain that virus, but as you are using OS X, you don't have to worry about it because it doesn't affect OS X.

Anyway, if you want to delete that file, I suggest you to restore Safari to default settings and run ClamXav again

You are welcome.

Be careful if you connect a USB drive or external drive to the iMac that you are going to use with a PC. Your Mac may transfer the virus to other computers, and that's why I recommend you to delete it

BananaBike wrote:

Using ClamXAV, I found this trojan and isolated it, however, I'm wondering what it could have done before it was isolated?

Not sure where you got the idea it was a Trojan. It is an exploit from a web page you visited that would take advantage of a vulnerability in Microsoft Internet Explorer 6 through 9 if you were using it in Windows. Not a false positive at all, but also nothing that could impact OS X. If it were, the infection name would most likely contain the letters "OSX". ClamXav uses a multi-platform database which will detect malware of most any platform. It can't harm you if left where it is, but using either ClamXav, Safari or the Finder to delete it is fine.