CVE-2002-0030

Severity

46%

Complexity

39%

Confidentiality

106%

The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe.

The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 21 years ago

2003-04-02 05:00:00

Last updated 16 years ago

2008-09-10 19:11:00

Affected Software

Adobe Acrobat 4.0

4.0

Adobe Acrobat 4.0.5

4.0.5

Adobe Acrobat 4.0.5a

4.0.5a

Adobe Acrobat 4.0.5c

4.0.5c

Adobe Acrobat 5.0

5.0

アドビシステムズ アクロバット 5.0.5

5.0.5

アドビシステムズ アクロバット リーダー 4.0

4.0

アドビシステムズ アクロバット リーダー 4.0.5

4.0.5

アドビシステムズ アクロバット リーダー 4.0.5 a

4.0.5a

Adobe Acrobat Reader 4.0.5 c

4.0.5c

アドビシステムズ アクロバット リーダー 5.0

5.0

アドビシステムズ アクロバット リーダー 5.0.5

5.0.5

References

20030324 Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged

Vendor Advisory

20030324 Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged

VU#549913

Patch, Third Party Advisory, US Government Resource

http://www.kb.cert.org/vuls/id/JSHA-5EZQGZ

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.