This may seem old news and was indeed already discovered in 2001, but even though Adobe has been notified about it, no fix exists today. [Michel]
Acrobat plug-ins can be digitally signed to determine whether they should be loaded by Adobe Acrobat Reader at startup. This digital signature mechanism is not cryptographically strong and allows other potentially-malicious plug-in code to pretend to be certified by Adobe and be executed by Acrobat Reader even when in 'Certified Plug-ins Only' mode.
The digital signature mechanism used by Adobe Acrobat and Adobe Acrobat Reader to determine if a plug-in is certified ("Reader enabled") only checks the Portable Executable (PE) header of the plug-in file (dynamic library). This cryptographic weakness can be used to make unsigned plug-ins appear to be certified by Adobe and loaded by Adobe Acrobat Reader regardless of the 'Certified Plug-ins Only' setting.
View: CERT/CC Vulnerability Note VU#549913 : Contains the full details including a workaround
News source: WebWereld (Dutch)
