Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged
From: "Dan Harkless" <bugtraq () harkless org>
Date: Wed, 26 Mar 2003 10:35:13 -0800

Vladimir Katalov <info () elcomsoft com> writes:
  We were able to write a 'fake' plug-in "fakecert.api" which does
  nothing, but being loaded by Adobe Acrobat (and Reader) 4 and 5
  as the certified one even in 'trusted' mode, though we don't have
  a 'Reader Integration Key' (this plug-in has been provided only to
  Adobe and CERT). When installed into 'plug_ins' subfolder, plug-in
  is being loaded every time when Adobe Acrobat (or Reader) starts, and
  shows a simple message box.

For those of us not familiar with Acrobat plugins, is there some facility
for the program retrieving/installing plugins automatically, or, to exploit
this would you need to entice a user to manually place your .api file in
their "plug_ins" directory (or run an installer program that would do so, in
which case you could run arbitrary code anyway in the installer)?

Dan Harkless
bugtraq () harkless org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]