CVE-2003-0142

Adobe Acrobat Reader acroread 6, under certain circumstances when running with the "Certified plug-ins only" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to enter Certified mode and run untrusted plugins by modifyin...

CVE-2003-0142

Adobe Acrobat/Reader (acroread) 6 is affected by a plugin-signature bypass vulnerability when the product runs with the default settings allowing untrusted non-certified plug-ins. The issue arises from loading signatures used for older Acrobat versions and manipulating the CTIsCertifiedMode funct...

Adobe PDF viewers allow non-certified plug-ins to put viewers into Certified Mode

Overview By default, Adobe PDF viewers will start up and load non-certified plug-ins installed in a local plugins directory. Adobe Reader plug-ins not certified by Adobe, if allowed to load, can execute arbitrary code in the process space of the running viewer. One incremental impact of such...

CVE-2002-0030

The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe...