CVE-2002-0030

Description

The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe.

Affected products

• Adobe / acrobat4.0 – 4.0
• Adobe / acrobat4.0.5 – 4.0.5
• Adobe / acrobat4.0.5a – 4.0.5a
• Adobe / acrobat4.0.5c – 4.0.5c
• Adobe / acrobat5.0 – 5.0
• Adobe / acrobat5.0.5 – 5.0.5
• Adobe / Acrobat Reader4.0 – 4.0
• Adobe / Acrobat Reader4.0.5 – 4.0.5
• Adobe / Acrobat Reader4.0.5a – 4.0.5a
• Adobe / Acrobat Reader4.0.5c – 4.0.5c
• Adobe / Acrobat Reader5.0 – 5.0
• Adobe / Acrobat Reader5.0.5 – 5.0.5

References

• MISChttp://www.kb.cert.org/vuls/id/549913
• MAILING_LISThttp://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004230.html
• MISChttp://www.kb.cert.org/vuls/id/JSHA-5EZQGZ
• MISChttp://archives.neohapsis.com/archives/vulnwatch/2003-q1/0148.html