Vulnerability Description
The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Acrobat | 4.0 |
| Adobe | Acrobat Reader | 4.0 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0148.htmlVendor Advisory
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004230.html
- http://www.kb.cert.org/vuls/id/549913PatchThird Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/JSHA-5EZQGZVendor Advisory
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0148.htmlVendor Advisory
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004230.html
- http://www.kb.cert.org/vuls/id/549913PatchThird Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/JSHA-5EZQGZVendor Advisory
FAQ
What is CVE-2002-0030?
CVE-2002-0030 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by ...
How severe is CVE-2002-0030?
CVE-2002-0030 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0030?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Acrobat, Adobe Acrobat Reader.