Well, Adobe Reader 9 seems to catch all three attacks. Maybe the design is dumb but it can be saved: Don't accept a signature that excludes anything from hashing except the signature and certificates themselves. Although I hope that visual elements can't reference into the byte range of the signature/certificates.
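
The check proposed in the comment above, as an added example that is not part of the original comment: Python code that accepts a `/ByteRange` only if it hashes everything from byte 0 to the end of the file except one hex string. It assumes a single-signature file whose signature and certificates sit in that one `/Contents` hex string, scans raw bytes instead of parsing PDF objects, and runs on constructed sample data; `byte_range_problems` and `make_sample` are hypothetical names.

```python
import re

# Exactly four integers; a ByteRange with more entries (extra gaps) will not match.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
HEX_STRING = re.compile(rb"<[0-9A-Fa-f\s]*>")

def byte_range_problems(pdf: bytes) -> list[str]:
    """Return reasons to reject the signature's ByteRange (empty list = acceptable)."""
    matches = BYTE_RANGE.findall(pdf)
    if len(matches) != 1:
        return [f"expected exactly one 4-integer /ByteRange, found {len(matches)}"]
    a, b, c, d = map(int, matches[0])
    problems = []
    if a != 0:
        problems.append("hashed range does not start at byte 0")
    if c + d != len(pdf):
        problems.append("hashed range does not end at end of file")
    if not (a + b <= c <= len(pdf)):
        problems.append("ranges overlap or are out of order")
    elif not HEX_STRING.fullmatch(pdf[a + b:c]):
        # Anything besides the signature blob in the gap is unhashed content.
        problems.append("excluded gap is not exactly one hex string")
    return problems

def make_sample(extra: bytes = b"") -> bytes:
    """Constructed PDF-like bytes; `extra` is placed in the unhashed gap after the hex string."""
    sig = b"<" + b"00" * 16 + b">"          # placeholder signature value
    tail = b">>\nendobj\n%%EOF\n"
    # Fixed-width offsets keep the header length independent of the values.
    fmt = b"%%PDF-1.7\n1 0 obj\n<</Type/Sig/ByteRange [0 %010d %010d %010d]/Contents "
    head_len = len(fmt % (0, 0, 0))
    gap_end = head_len + len(sig) + len(extra)
    return fmt % (head_len, gap_end, len(tail)) + sig + extra + tail

if __name__ == "__main__":
    print(byte_range_problems(make_sample()))
    print(byte_range_problems(make_sample(b"\n2 0 obj<</Type/Annot>>endobj\n")))
    print(byte_range_problems(make_sample() + b"\n3 0 obj<<>>endobj\n"))
```

The hash over the two ranges still has to be verified against the signature; this check only decides whether the ranges are worth hashing at all.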