Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged
From: Melvyn Sopacua <msopacua () idg nl>
Date: Mon, 24 Mar 2003 18:03:15 +0100



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 13:02 3/24/2003, Vladimir Katalov wrote:


  However, the implementation of certification mechanism is weak, and
  it is
  easy to write a plug-in that will look like one certified by Adobe,
  and so
  will be loaded even in 'trusted' mode. Such plug-in can execute ANY
  code
  -- i.e. perform file operations (read/write/execute), access Windows
  Registry etc.

[ ... ]

  3. 'Trusted' mode is activated automatically by Adobe Acrobat/Reader
  when it loads documents that are protected using various DRM
  (Digital
  Rights Management) schemes such as WebBuy, InterTrust DocBox etc --
  to
  prevent protected contect from being saved with protection stripped.
  However, a plug-in with 'fake' certificate can be loaded anyway, and
  so it will be able to do anything with DRM-protected documents, e.g.
  altering or removing security options.

Q: how is the chicken and egg problem circumvented here? Social
Engineering?
Or is there a similar mechaniscm like HTML Object tags, where plugin
urls are
embedded in the document and (semi-) automically installed?

Met vriendelijke groeten / With kind regards,

Webmaster IDG.nl
Melvyn Sopacua

<@JE> Hosting: $5 per month. Domain name: $15, your site being down
twice a week: Priceless.
http://www.bash.org/?42663

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)

iD8DBQE+fzkHG6UQjZVtCO8RAmu8AJ0ddu32EV/rxC6sfwji4xqs/X/bhgCfeVNM
02vJtNDK5QG1GgiZ2Yb9azY=
=Rq8n
-----END PGP SIGNATURE-----

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]