CVE-2002-0030

The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe.

Published: Apr 2, 2003
Updated: Apr 13, 2023
CVE: CVE-2002-0030
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
adobe / acrobat_reader	5.0	5.0.x
adobe / acrobat	4.0	4.0.x
adobe / acrobat_reader	4.0.5	4.0.5.x
adobe / acrobat_reader	4.0	4.0.x
adobe / acrobat_reader	4.0.5a	4.0.5a.x
adobe / acrobat_reader	5.0.5	5.0.5.x
adobe / acrobat	4.0.5c	4.0.5c.x
adobe / acrobat	4.0.5a	4.0.5a.x
adobe / acrobat	5.0	5.0.x
adobe / acrobat	5.0.5	5.0.5.x
adobe / acrobat	4.0.5	4.0.5.x
adobe / acrobat_reader	4.0.5c	4.0.5c.x

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0148.html
http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004230.html
http://www.kb.cert.org/vuls/id/549913
http://www.kb.cert.org/vuls/id/JSHA-5EZQGZ

Vulnerability Database

289,599

CVE-2002-0030