Adobe: >> Acrobat Security Vulnerabilities
Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus.
CVSS Score
7.5
EPSS Score
0.012
Published
2003-06-16
The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe.
CVSS Score
4.6
EPSS Score
0.002
Published
2003-04-02
Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and Fill In products that handle PDF files allows attackers to execute arbitrary commands via a long /Registry or /Ordering specifier.
CVSS Score
7.6
EPSS Score
0.051
Published
2000-10-20
Page 136