CVE-2002-0030

Current Description

The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe.

Basic Data

PublishedApril 02, 2003
Last ModifiedSeptember 10, 2008
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score4.6
SeverityMEDIUM
Exploitability Score3.9
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationAdobeAcrobat4.0*******
    2.3ApplicationAdobeAcrobat4.0.5*******
    2.3ApplicationAdobeAcrobat4.0.5a*******
    2.3ApplicationAdobeAcrobat4.0.5c*******
    2.3ApplicationAdobeAcrobat5.0*******
    2.3ApplicationAdobeAcrobat5.0.5*******
    2.3ApplicationAdobeAcrobat Reader4.0*******
    2.3ApplicationAdobeAcrobat Reader4.0.5*******
    2.3ApplicationAdobeAcrobat Reader4.0.5a*******
    2.3ApplicationAdobeAcrobat Reader4.0.5c*******
    2.3ApplicationAdobeAcrobat Reader5.0*******
    2.3ApplicationAdobeAcrobat Reader5.0.5*******

Vulnerable Software List

VendorProductVersions
Adobe Acrobat 4.0, 4.0.5, 4.0.5a, 4.0.5c, 5.0, 5.0.5
Adobe Acrobat Reader 4.0, 4.0.5, 4.0.5a, 4.0.5c, 5.0, 5.0.5

References

NameSourceURLTags
20030324 Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forgedhttp://archives.neohapsis.com/archives/vulnwatch/2003-q1/0148.htmlVULNWATCHVendor Advisory
20030324 Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forgedhttp://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004230.htmlFULLDISC
VU#549913http://www.kb.cert.org/vuls/id/549913CERT-VNPatch Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/JSHA-5EZQGZhttp://www.kb.cert.org/vuls/id/JSHA-5EZQGZCONFIRMVendor Advisory