| Vulnerability Name: | CVE-2003-0142 (CCN-11610) | ||||||||
| Assigned: | 2003-03-21 | ||||||||
| Published: | 2003-03-21 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | Adobe Acrobat Reader (acroread) 6, under certain circumstances when running with the "Certified plug-ins only" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to enter Certified mode and run untrusted plugins by modifying the CTIsCertifiedMode function. | ||||||||
| CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Tue Jul 08 2003 - 05:38:15 CDT Adobe Acrobat and PDF security: no improvements for 2 years Source: CCN Type: VulnWatch Mailing List, Mon Mar 24 2003 - 05:58:22 CST Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged Source: MITRE Type: CNA CVE-2002-0030 Source: MITRE Type: CNA CVE-2003-0142 Source: CCN Type: Adobe Web site Adobe Systems Incorporated Source: CCN Type: US-CERT VU#549913 Adobe Acrobat PDF viewers contain flaw when loading and verifying plug-ins Source: CCN Type: US-CERT VU#689835 Adobe PDF viewers allow non-certified plug-ins to put viewers into Certified Mode Source: CERT-VN Type: US Government Resource VU#689835 Source: CCN Type: CERT Web site Adobe Systems Incorporated Information for VU#549913 Source: CCN Type: OSVDB ID: 9294 Adobe Acrobat CTIsCertifiedMode Function Untrusted Plugin Loading Source: BUGTRAQ Type: Vendor Advisory 20030708 Adobe Acrobat and PDF security: no improvements for 2 years Source: CCN Type: BID-7174 Adobe Acrobat Plug-In Forged Digital Signature Vulnerability Source: XF Type: UNKNOWN adobe-plugin-signature-bypass(11610) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||