Bugtraq mailing list archives

Re: Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged

From: "Dan Harkless" <bugtraq () harkless org>
Date: Wed, 26 Mar 2003 10:35:13 -0800


Vladimir Katalov <info () elcomsoft com> writes:

  We were able to write a 'fake' plug-in "fakecert.api" which does
  nothing, but being loaded by Adobe Acrobat (and Reader) 4 and 5
  as the certified one even in 'trusted' mode, though we don't have
  a 'Reader Integration Key' (this plug-in has been provided only to
  Adobe and CERT). When installed into 'plug_ins' subfolder, plug-in
  is being loaded every time when Adobe Acrobat (or Reader) starts, and
  shows a simple message box.


For those of us not familiar with Acrobat plugins, is there some facility
for the program retrieving/installing plugins automatically, or, to exploit
this would you need to entice a user to manually place your .api file in
their "plug_ins" directory (or run an installer program that would do so, in
which case you could run arbitrary code anyway in the installer)?

--
Dan Harkless
bugtraq () harkless org
http://harkless.org/dan/

Current thread:

Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged Vladimir Katalov (Mar 25)
- Re: Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged Dan Harkless (Mar 27)