Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2003-0142

Adobe Acrobat Reader (acroread) 6, under certain circumstances when running with the "Certified plug-ins only" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to enter Certified mode and run untrusted plugins by modifying the CTIsCertifiedMode function.

Published

2003-08-18T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	adobe	acrobat_reader	6.0	Yes

References

http://www.kb.cert.org/vuls/id/689835 US Government Resource ([email protected])
http://www.securityfocus.com/archive/1/328224 Vendor Advisory ([email protected])
http://www.kb.cert.org/vuls/id/689835 US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/328224 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)