CVE-2002-0030Adobe Acrobat vulnerability

2 documents2 sources
Severity
4.6MEDIUMNVD
EPSS
0.2%
top 55.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedApr 2
Latest updateApr 30

Description

The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

NVDadobe/acrobat6 versions+5
NVDadobe/acrobat_reader6 versions+5

Patches

Patch: www.kb.cert.orgPatch: www.kb.cert.org

🔴Vulnerability Details

1
GHSA
GHSA-62h9-42q3-6p62: The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attacke2022-04-30
CVE-2002-0030 — Adobe Acrobat vulnerability | cvebase