Adobe Reader Plugin Signature Bypass Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with Adobe Reader and is prone to plugin signature bypass vulnerability.

Impact

Successful exploitation will allow attacker to submit a modified plug-in to bypass signature checks and execute malicious code on the system. Impact Level: System/Application

Solution

Update to Adobe Reader version 6.0 or later. For updates refer, For updates refer to http://www.adobe.com

Insight

The flaw is due to fact the program only verifies the PE header of executable code for a plug-in signature check.

Affected

Adobe Reader 4.x and 5.x version on Windows.

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0148.html
http://www.kb.cert.org/vuls/id/JSHA-5EZQGZ
http://www.osvdb.com/9294
http://xforce.iss.net/xforce/xfdb/11610

Updated on 2015-03-25

Severity

Classification

CVE CVE-2002-0030

CVSS	Base Score: 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

aMSN session hijack vulnerability (Windows)
Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Windows)
Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
Apple Safari Webkit Multiple Vulnerabilities - June13 (Mac OS X)
Adobe Products Unspecified Cross-Site Scripting Vulnerability June-2011 (Windows)

Take action and discover your vulnerabilities