Vulnerabilities > CVE-2002-0030 - Unspecified vulnerability in Adobe Acrobat and Acrobat Reader

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

adobe

NVD

Published: 2003-04-02

Updated: 2008-09-10

Summary

The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Acrobat 4.0 Adobe Acrobat 4.0.5 Adobe Acrobat 4.0.5A Adobe Acrobat 4.0.5C Adobe Acrobat 5.0 Adobe Acrobat 5.0.5 Adobe Acrobat Reader 4.0 Adobe Acrobat Reader 4.0.5 Adobe Acrobat Reader 4.0.5A Adobe Acrobat Reader 4.0.5C Adobe Acrobat Reader 5.0 Adobe Acrobat Reader 5.0.5	12

References

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0148.html
http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004230.html
http://www.kb.cert.org/vuls/id/549913
http://www.kb.cert.org/vuls/id/JSHA-5EZQGZ